
Information Security
Performance Results
- As of the publication of this report in 2024, Silks Hotel Group has not experienced any major information security incidents or suffered related losses; nor have there been any complaints regarding violations of customer privacy or loss of customer data.
- The Group conducted internal education and training on critical information handling for a total of 366 participants, amounting to 61 training hours.
Future Goals
- Establish effective security measures.
- Enhance customer trust by implementing contingency plans and conducting security testing.
- Focus on upgrading cybersecurity systems, enhancing risk alert capabilities, and cultivating professional talent to comprehensively strengthen cybersecurity resilience and system protection effectiveness.
Impact
Information security and personal data protection are among the core risks in the hospitality industry. Any data breach or system outage could severely affect brand reputation and customer trust, and may result in substantial fines and legal liabilities. Silks Hotel Group establishes cybersecurity policies and protective measures to maintain operational stability and safeguard customer data.
Policy Commitment
In accordance with the "Cybersecurity Management Act" and the Financial Supervisory Commission's cybersecurity guidelines, the Group establishes information security policies and management systems, which are regularly reviewed and reported to the Board of Directors. The Group is committed to enhancing cybersecurity protection, safeguarding customer data privacy, and ensuring operational continuity, in alignment with SDGs Goals 9 and 16.
Actions Taken
- Continuous monitoring and auditing: Conduct annual system vulnerability scans and penetration tests, and establish multi-layered defense mechanisms and backup plans.
- Employee training: Carry out cybersecurity audits, employee training, and security incident drills to strengthen response capabilities.
- Emergency response plan: All data interactions follow legal and regulatory compliance principles, and outsourced partners sign confidentiality and cybersecurity agreements.
Evaluation Mechanisms
Establish a cybersecurity management framework and audit procedures in accordance with regulations. The Chief Information Security Officer, IT Department, and Audit Office jointly implement policy enforcement and internal audits, and regularly report cybersecurity performance to the Board of Directors to ensure policy compliance and timely risk adjustments.
Stakeholder Engagement
The Group addresses customer expectations for privacy through diversified communication channels and data protection management systems. By leveraging big data analytics to optimize service quality and participating in cybersecurity information-sharing organizations, we strengthen stakeholder trust and data security, jointly promoting sustainable information governance.
Information Security Policies and Regulations
The Information Security Policy was most recently updated on March 2, 2023 and approved by the Group Chief Financial Officer. It covers aspects such as information system construction, user management, backup and contingency, and equipment and network protection.
- Establish information system classification and protection standards.
- Prevent hacker intrusions, malware, and internal misuse.
- Prevent leakage of confidential information.
- Implement appropriate backup mechanisms and contingency plans.
- Ensure business continuity and disaster recovery capability.
- Strengthen information security management of outsourced services and supply chain monitoring.
- Enhance overall employee information security awareness and professional competence.


ICT Security Governance Structure
- Information Office: Responsible for the formulation and implementation of information security policies, risk management, technical controls, system operation and maintenance, and training.
- Chief Information Security Officer (CISO) and Dedicated Personnel: One CISO and one dedicated information security officer are assigned to manage information security affairs.
- Audit Office: Acts as the supervisory unit for information security, conducts internal audits, and oversees the rectification and follow-up of deficiencies.
- Board of Directors: Regularly receives ICT security reports to ensure alignment with strategic direction and governance requirements.
Information Security Protection and Control Measures
- Conduct annual vulnerability scanning and penetration testing on core systems, and engage third-party professional institutions for assessments.
- Implement a multi-layered defense architecture, including antivirus software, APT protection, firewalls, intrusion detection systems, and email filtering.
- Establish off-site backups, daily backups, and annual disaster recovery drills.
- Apply multi-factor authentication, account and password policies, and regular permission audits for critical systems.
- Place computers and servers in dedicated data centers equipped with uninterruptible power supply, voltage stabilization, and automated monitoring systems.
- Implement network entry control and internet usage management devices to prevent unauthorized connections and bandwidth abuse.
Information Security Protection and Control Measures
Silks Hotel Group has established a comprehensive information security incident response and reporting mechanism, including:
Information Security Communication and Awareness
Silks Hotel Group provides monthly information security training for new employees. General staff receive at least one hour of basic information security education annually, while information security personnel participate in no less than eight hours of advanced professional training each year. Additionally, the Group periodically disseminates information security cases and actively participates in domestic information security intelligence-sharing organizations to stay informed of the latest threat trends and response strategies.
In 2024, Silks Hotel Group conducted internal training on major information processing for a total of 366 participants, accumulating 61 training hours.
- Number of participants in information security training: 366 person-times
- Number of hours in information security training: 61 person-hours

Personal Data Protection
Silks Hotel Group has established an Information Management Team to promote personal data management policies and related training. In accordance with the Personal Data Protection Act, the Group implements data encryption, masking, access control, and physical isolation, and publishes a transparent privacy statement to ensure customers' rights to access, delete, or correct their personal data at any time. All data analysis and customer interactions comply with legal and regulatory requirements, and clear information security and confidentiality clauses are included in agreements with outsourced vendors, ensuring proper handling of data upon termination of cooperation.