An Innovative Partner in Retailing

PChome is committed to providing secure and robust online shopping environments to customers through continuous system optimization and improved user friendliness. In addition to protecting consumption information relating to our customers, we also regard individual privacy highly as a fundamental assurance. As consumer demands continue to rise, we shall improve our internal structure, risk assessment, and system upgrades to create a more resilient and enhanced information system.

Reliable information security and protection

RectangleCreated with Sketch. Information security governance structure 

In 2018, PChome created the Information Security Department to coordinate the formulation, implementation, risk assessment, control, and compliance auditing of the Company’s information security and protection policies. To implement the information security strategies devised by the Information Security Department and to ensure internal compliance with information security-related practices, processes, and regulations, we established an information security task force in 2021 to take charge of the prevention, audit, governance, and crisis management of information security-related affairs. The GM assigns an information security executive to serve as the task force convener. Members are responsible for the protection, audit, governance, and crisis management of information security-related affairs. Additionally, the senior-level managers from all business units form an information security implementation task force to carry out policy implementation tasks.
At PChome, an information security general meeting is held every season to review and decide the relevant solutions and policies on information security and information protection, and to ensure the effectiveness of our management measures. To strengthen our information security protection and achieve a systematized set of norms, in December 2021 we formulated 12 major information security policies based on the ISO27001 international standard. Policy integrity, applicability, and legitimacy are reviewed on a regular basis every year so as to further ensure that policies progress with the times, meet practical demands, and guarantee safe and secure customer transactions.

To ensure that consumers feel secure when they shop online and have no concerns about information security issues or privacy breaches, PChome’s IT Department has set up reliable information application systems that enhance the security of our web services and our service quality while maintaining the efficiencies of our business and information services. Therefore, every consumer can feel secure when enjoying the convenience of our online services.

RectangleCreated with Sketch. Information security management 

Various information security risks are concomitant with IT developments. PChome has established a comprehensive Internet and computer security protection system that includes access control and information management measures to control or maintain essential processes such as company operations as well as information security management. Based on our information security risk analysis and assessment, our potential risks mainly come from online attacks generated by third-party malware. To prevent such attacks from stealing our trade secrets, breaching customer data and other confidential information, as well as damaging the rights, interests, and reputation of our company, we employ the five strategies as follows to effectively mitigate any potential information security risks:

Methods for identifying potential information security risks

1. Implementing an internal audit and internal control inspection of the information systems on a regular basis every quarter
2. Using automated tools and procedures to identify the potential risks in information systems every quarter
3. Reviewing and evaluating information security-related regulations and procedures annually, so as to ensure their appropriateness and effectiveness
4. Organizing annual information security audits to mitigate information security risks
5. Performing cyber defense exercises on our business information systems from time to time

Methods for resolving the identified potential information security risks

1. Inspecting the status of internal audit and internal control management risks through information security audits, so as to ensure the effectiveness of information security policy implementation
2. Inspecting the outcomes of the cyber defense exercises performed on our business information systems and identifying unknown vulnerabilities and inappropriate settings, so as to prevent hacker attacks and unlawful use
3. Performing in-depth investigations on abnormalities in outsourcing contracts to ensure that vendors fulfill their information security non-disclosure obligations

With regard to the process of reporting and handling information security incidents, PChome has devised an incident and emergency reporting procedure that systematically consolidates reporting, interpretation and analysis, treatment, review, and improvement procedures. This ensures that information security incidents are resolved quickly and appropriately and that similar incidents can be prevented in the future. PChome did not experience any incidents of data breach, data loss, or missing customer data in 2021. We shall continue to implement our internal information security strategies to safeguard company information and customer rights and interest.

RectangleCreated with Sketch.Routine information security measures 

PChome developed four information security-related aspects in 2021: information security management, training courses and examinations, external audits, and internal audits. We also organize a quarterly information security general meeting to convey the information security-related highlights of each quarter to our employees. In light of the rising frequency of information security incidents at home and abroad, as well as the uniqueness of the e-commerce industry, we drastically improved the frequency and intensity of information system testing in 2021. Information security defense drills are performed frequently to systematically enhance employee awareness and vigilance toward information security and prevent the occurrence of information security risks. Going forward, we shall continue our efforts in implementing various information security tasks, analyze information security incidents from abroad, assess our information security defense capabilities, and incorporate cloud security and ransomware defense strategies as key task objectives.

RectangleCreated with Sketch.Information security training program 

To improve our employees’ awareness and understanding of information security, PChome organizes an information security general meeting on a quarterly basis to convey relevant information. At the same time, we follow up on the progress and status of information security tasks in each department, while detailing information security events and news relevant to each department so as to remind them of precautionary measures and defense methods. In 2021, we also organized external training programs for employees to ensure they are updated with the latest information security-related trends and knowledge.

RectangleCreated with Sketch.Information security training program 

To protect consumer privacy, PChome protects customer data in accordance with our Terms of Service and Privacy Statement. The Privacy Statement and the disclosures therein are applicable only to the websites and mobile applications owned and operated by PChome. PChome will not provide information sufficient to identify a user to any third party (either onshore or offshore), or use the data for any purpose other than the purpose for which it is collected, unless the Company gives prior explanation, or as necessary for the purpose of completing provision of services, or fulfilling contractual obligations, or in accordance with the relevant laws and regulations or as ordered or requested by a competent authority. To this end, no members were involved in the following company activities in 2021: marketing, consumer/customer management and service, providing online shopping and other e-commerce services, protecting the rights and interests of the parties and stakeholders, providing after-sales services, handling reward activities, and engaging in other registered services or services specified in the Articles of Incorporation. Additionally, for the purpose of implementing e-commercerelated business, PChome may collect behavioral customer data and personally identifiable information (PII) based on user registration details and purchase history. We conditionally assess the commercial behaviors conducive to promoting our business activities while complying with information security regulations.
In addition, PChome has defined the relevant regulations for each stage in the information life cycle. For more details, please refer to the PChome Online Inc. Terms of Service and Privacy Statement.

In addition to protecting customer data security and privacy, PChome is also committed to safeguarding internet safety for children. We offer tips on how to teach children to use the internet safely and allow children and their parents to protect their security and privacy online. For more information, please refer to our internet safety guide for children.

Internet Child Safety:https://member.pchome.com.tw/child.html

Privacy Statement:http://faq.pchome.com.tw/faq_solution.html?q_id=16&c_nickname=member&f_id=4

PChome Online Inc. Terms of Service:https://member.pchome.com.tw/law.html

charactor05Created with Sketch.
charactor01Created with Sketch.
charactor03Created with Sketch.
buloom01Created with Sketch.
buloom02Created with Sketch.
charactor04Created with Sketch.
回到頂端

2020

財團法人公共關係基金會-2020年傑出公關獎-品牌傳播獎 傑出獎 (私部門類)