Combining Sustainability and Cybersecurity: Century Iron & Steel and Century Wind Power Both Receive ISO 27001 Information Security Certification
TAIPEI, April 19, 2024 /PRNewswire/ -- Information security is now a critical issue that no enterprise can afford to ignore. Century Iron & Steel Industrial Co., Ltd. ("CIS") and its subsidiary Century Wind Power ("CWP") have both now received ISO/IEC 27001:2022 Information Security Management System certification from TÜV Rheinland. The certificates are proof that the two companies' information security system management meets international standards and effectively supports their information security. CIS considers sustainable development to be one of its core values. EN 1090 and ISO 3834 certifications were obtained in 2018, demonstrating to customers the quality of welding management at the company from material selection to production. In recent years, CIS has focused its efforts on energy conservation and environmental protection, resulting in the further obtaining of ISO 14001, ISO 14064-1, and ISO 50001 international certifications. At the certificate presentation ceremony on March 29, 2024, Mr. Gonzalo de Castro Alberto, Senior Vice President of Global Operations at TÜV Rheinland, presented the Chairman of the Board, Wen-Xiang Lai of the Century Group, with the ISO/IEC 27001:2022 Information Security Management System certification.
The ISO 27001 Information Security Management System Standard provides businesses with a set of international standards for the establishment, operation, maintenance, and continuous improvement of their information security management systems. The standard not only embodies current best practice in information security management but is also a key tool for responding to constantly evolving information security risks. Through conformity with ISO 27001, businesses can build a comprehensive information security management system for preventing and responding to all kinds of information security risks. Recognizing the importance of information security, CIS and CWP established an Information Security Management Committee in August 2023, responsible for planning, promoting, and implementing the deployment and DevOps of information security management systems. Prevention, continuous monitoring, and emergency response were emphasized during the management planning, which passed the audit by TÜV Rheinland.
Corporate resources are finite, making the prioritization of upgrades to key systems even more important. From account management, supply chain information flow, and hacker protection to building team consensus on system improvements -- TÜV Rheinland auditors helped CIS and CWP strengthen key aspects of their information security system, including virus protection, sensitive document management, and asset management. For businesses, preventing unauthorized access to and theft of critical data from production lines and supply chains are no less important than the optimization of production processes and improving efficiency. If trade secrets like production formulas are leaked, this may represent the loss of years of work. In today's highly digitized environment the manufacturing industry is coming under an increasing array of information security threats, including data leaks, ransomware attacks, and vulnerabilities in the supply chain. The proper protection of business data and information systems is not only critical to a company's interests, but also to the trust of stakeholders. Being properly prepared for preventing and responding to ransomware attacks facilitates the sharing of security data and leads to more opportunities for collaboration.
Information security management is critical to ESG and plays a key role in corporate governance. TÜV Rheinland reminds businesses that ISO 27001 differs from other ISO 9001 management systems in that it requires constant monitoring and dynamic adjustment in response to external changes. The focus of other management systems is on improving stability. How to identify and mitigate the business impact of risks need to be clearly defined. For example, to what extent will a power outage impact a business, and what capacity is needed for an uninterruptible power system to mitigate the impact? All of these require a consensus to be built rather than the pursuit of 100% risk elimination. TÜV Rheinland has accumulated a wealth of experience in the information security management field and understands the requirements of enterprise information security regulations, and can therefore help businesses set up comprehensive processes and systems for risk prevention.
SOURCE TUV Rheinland Taiwan Ltd.
Share this article