Information Security Policies and Regulations
To strengthen information and communication security protection and management mechanisms, and in compliance with Article 9 of the "Regulations Governing the Establishment of Internal Control Systems by Public Companies" on "Control Operations Related to the Use of Computerized Information Systems for Processing," we have formulated an information security policy in accordance with the "Information and Communications Security Management Act and Subordinate Regulations Compilation" issued by the Executive Yuan in September 2021 and the Financial Supervisory Commission's "Guidelines for Information and Communications Security Control for Listed and OTC Companies." The policy is regularly reviewed and revised, and reported to the Board of Directors.
- Establish information system classification and protection standards
- Clearly define that the development or introduction of information systems must pass verification by an impartial third party
- Appoint an information security officer and one information security staff member to be responsible for information security management matters
- Conduct internal information security audits once a year
- Establish appropriate backup mechanisms and contingency plans, including core business backup, emergency operating procedures, resource allocation, and other related measures
- Implement security control, personnel access control, and environmental maintenance for computer rooms and important areas
Information Security Protection and Control Measures
Silks Hotel Group conducts vulnerability scans and penetration tests on core systems at least once a year. Through objective assessments by third-party professional security consultants, we promptly address any detected security vulnerabilities. The annual information security review covers network architecture, malicious activity monitoring on the network and user side, and security configuration audits for servers and firewalls, effectively blocking potential threats.
Information Security Incidents and Reporting
We have established information security incident response and reporting procedures, including determining the impact of incidents and damage assessment, internal and external reporting processes, methods for notifying other affected agencies, reporting windows, and contact information. If a major information security incident occurs that meets the "Taiwan Stock Exchange Corporation's Procedures for Verification and Public Disclosure of Material Information by Listed Companies," we will handle it in accordance with relevant regulations.
Information Security Awareness and Promotion
We emphasize enhancing employees' information security awareness and skills, especially for information security personnel, who are required to complete at least eight hours of professional security training annually to ensure they can identify and respond to various information security challenges. General users receive at least one hour of general information security education and training per year. These training sessions help employees understand the latest information security technologies and strategies and implement effective security measures in their daily work.
In 2023, Silks Hotel Group conducted internal training on major information processing for a total of 892 participants, accumulating 223 in-person hours.
- Number of participants in information security-related training: 892
- In-person hours of information security-related training: 223

Personal Data Protection
We implement specific measures to protect customer privacy, including transparent privacy statements, the right to erasure, diverse communication channels, lawful and compliant data analysis, and enhanced information security and privacy protection policies. Silks Hotel Group's privacy statement provides clear guidance on information collection, usage, and deletion, ensuring that customers have control over their personal data at all times.