News & Events
SYSCOM is now the first enterprise -wide PIMS (BS10012: 2009) certified company in Taiwan
Print
E-mail[2012/8/20] The revised Personal Information Protection Act (the Act) becomes effective October 1st and SYSCOM is responding aggressively to customer needs by introducing the Personal Information Management System (PIMS). The PIMS includes all four phases of the personal data life cycle. So, collection, processing, use, and destruction of data are all included in the PIMS. In August SYSCOM became the first Taiwan system integrator with two special distinctions. We have deployed PIMS enterprise-wide and with this powerful system in place we were granted PIMS BS 10012:2009 certification. At a ceremony on August 20th, authorized certifier SGS presented SYSCOM with our PIMS certificate. SYSCOM has done so much more than simply deploy this system within our own company. We are encouraging other system integrators to support the new Act and using our experience to assist domestic enterprises as they build their own personal information security protection mechanisms and environments. Efforts like these are improving personal data protection, personal data security, and reducing illegal use of stolen personal data for all of Taiwan's citizens.
The severity of data leaks in Taiwan is climbing as the amount of data compromised has increased from hundreds to hundreds of thousands of records per leak. The causes are everything from negligent employees to hackers. A few root causes contribute to personal information data leaks. Particularly, when protecting and auditing, an incomplete deployment of personal information management security systems and the use of inferior technology are all too common. The new Act not only imposes a large burden on an enterprise's reputation but also incurs huge financial penalties – not once -- but with each new data leak. A monetary penalty ranging from 500 NT to 20,000 NT per record with a cap of 2 billion NT -- per leak -- is levied as compensation for those affected. Additionally, a government penalty is imposed, ranging from tens of thousands to hundreds of thousands of NT dollars. In the case of personal information data leaks at financial institutions, owners may face additional legal sanctions unless they can provide sufficient evidence that all efforts were made to safeguard personal information.
The revised Act has specific data lifecycle requirements and when compared to earlier versions of the Act, these were necessarily stricter to bring the Act in line with existing European and APEC regulations. SYSCOM is helping domestic enterprises build personal information protection systems, and we have prepared by implementing our own mechanisms to better help our customers evaluate their data environments and identify how the Act affects them. This includes evaluation of data management, data security, and data security policies. In building the SYSCOM Personal Information Management System (PIMS), we established a Personal Information Protection Committee headed by SYSCOM’s President. The National Information Infrastructure Enterprise Promotion Association (NII) provided consulting advice to this committee for improving SYSCOM’s own data protection processes. These efforts were based on the process flow of P (Plan), D (Do), C (Check) and A (Audit).
Most of Taiwan's industries are highly computerized. This makes it easier to bring in well-known international brands and solutions for data security protection, including data collection, processing, and destruction. To facilitate the entire process, SYSCOM has developed what we call the Personal Information Security Triangle which includes PIMS, document encryption, and data loss prevention. The triangle’s first corner is PIMS. This is a management system for improving personal information management processes. It functions as your first-line defense for your entire enterprise. After the PIMS being established, additional protection solutions can be added and these include web and database security, IT Log (data tracking), SIEM (security event management), and data destruction. Together these make a comprehensive personal information security solution providing complete security protection across your enterprise's various industry vendors and partners. With SYSCOM’s solution in place, should any data loss or data security breach result in accusations of negligence, you and your company are in a good position with evidence to prove that proper and sufficient safeguards and security efforts had been taken.
SYSCOM's key personal information security solution partners include these industry leaders.
Management System – Personal Information Protection Foundation
‧ NII - National Information Infrastructure Enterprise Promotion Association provides consulting services and cooperates with SYSCOM to help enterprises implement solutions in response to the new Act. NII provided assistance and consulting to help SYSCOM pass PIMS BS10012:2009 certification and is working with SYSCOM’s consulting teams to promote PIMS services.
Basic Protection - Enterprise Information Security Infrastructure
‧ Fortinet – This global leader in firewall and Unified Threat Management (UTM) provides enterprise users with web data security infrastructure solutions and web application firewalls.
Client Side - Information Security Front-End Solution
‧ Hitachi Solutions is responsible for IT and software services within the Hitachi Group. Hitachi's HIBUN data encryption solution has Japan's largest share in data encryption market. SYSCOM helped Hitachi produce a localized version of HIBUN for the Taiwan market. SYSCOM distributes this Hitachi solution throughout Taiwan.
‧ TrendMicro is the world famous security vendor and works closely with SYSCOM on client-side DLP and virtualization protection.
Web & Database Security –
Web Security: Enterprise's network security front door
Database Security: Personal Information Data Protection Last-Line Defense
‧ SafeNet is the world famous enterprise security key management vendor. For enterprises keeping their important data in databases, network attached storage (NAS), or storage devices, data security is even more critical. SYSCOM is working with our strategic partner SafeNet to provide data encryption solutions that keep our customer's data safe.
‧ Imperva is a leading brand for global web and database security monitoring and auditing. As threats to web sites and databases evolve, SYSCOM is working with Imperva to give our customers web application firewalls and database auditing systems that keep their web platforms safe.
IT LOG (Data Tracking) and SIEM (Security Event Management) – Personal Information Security Recording Platform
‧ HP is a world famous vendor and each year they add to their product portfolio. HP's new product called ArcSight is designed for IT LOG auditing and integrates with other HP security solutions like Fortify for security leak detection. HP is an important SYSCOM partner for many government projects.
‧ RSA is a critical piece of EMC's security solutions. SYSCOM works closely with RSA EnVision and SIEM (Security Information & Event Management) for data tracking projects. This is an important solution for data tracking auditing and recording in response to the new Act.
Data Destruction - Final phase of the data life cycle
‧ Orient is a leader in magnetic data destruction in Japan and is an important SYSCOM partner for data destruction here in Taiwan. For the final phase of the data life cycle, Orient's solution provides auditing reports and ensures complete data destruction so no leaks are possible.
Once the new Act is in force, companies face two challenges: government inspections and possible lawsuits due to personal information leaks or misuse of personal information. SYSCOM Personal Information Security Integrated Solution helps our customers build strong and complete protection networks. Nearly 40 years of system integration experience and knowledge is helping us provide the industry's best service and solutions to keep our customers safe from security risks.
For further information about the SYSCOM Personal Information Security Integrated Solution, please contact Mr. Lin at (02) 2191-6066 x8873.
References
What is BS 10012:2009?
BS 10012:2009 is a set of guidelines released in June 2009 by the British Standards Institute (BSI) for the Personal Information Management System (PIMS). These guidelines refer to the eight principle rules from the Organization for Economic Cooperation and Development (OECD) for personal privacy protection. The guidelines offer specific instructions and a complete framework for personal information protection standards according to the principles of PDCA — P (plan), D (Do), C (Check), and A (Audit).
