Information Security Management
Information Security Organization and Structure
In order to fully manage information and communication security, D-Link established the “Information Security Management Committee” in 2021. The President acts as the convener and supervises the information security policies of the entire company. The Committee references the ISO 27001:2013 information security management system international standard and the public company internal control system establishment guidelines. The IT and Information Security Department serves as the dedicated information security unit, and the department head acts as the information security management representative, coordinating the formulation, execution, risk management, and compliance audit of information security and protection related policies. Each information security related unit (product, personal data, privacy, etc.) appoints an information security representative to regularly convene information security meetings. These meetings discuss information security policies and other material issues related to information security, and supervise the execution of the company’s information security operations and the effectiveness of the information security risk management mechanisms. The execution results of the information security management operations and systems of the entire information security management organization are reported to the Board of Directors regularly.

D-Link Information Security Organization

Information Security Management Strategy
D-Link’s Board of Directors passed the “Information Security Management Policy” on February 22, 2022. The confidentiality, integrity, availability, and legality of information assets are reviewed regularly every year.
Information Security for Systems
D-Link has passed the “ISO/IEC 27001:2013 Information Security Management System (ISMS)” international certification. The effective period of the current certification is from October 16, 2020, to October 15, 2023. Through the introduction of the ISO 27001 Information Security Management System, we have strengthened our response and handling capabilities for information security incidents to protect the security of the company’s and customers’ information assets.

Information Security for Products
D-Link has passed the “IEC 62443-4-1:2018 Secure Product Development Lifecycle Requirements” international certification in 2020. The effective period of the current certification is from November 30, 2020, to November 29, 2025. The requirements have been introduced in product lifecycles from product design to development and testing, ensuring compliance with the security standards.

Personal Data Protection
D-Link has passed the “BS 10012:2017 Personal Information Management System (PIMS)” international certification in 2021. The effective period of the current certification is from December 1, 2021, to November 30, 2024. All procedures and applicable documents related to the standards comply with the EU General Data Protection Regulation (GDPR) requirements.

Privacy Protection
D-Link has obtained “TRUSTe Privacy Certification Label” international certification in March 2022. In order to implement privacy protections and commitments to security, D-Link has been working closely with the globally recognized data privacy management authority, TrustArc Inc., since 2014. TrustArc Inc. provides services such as privacy evaluations, certification, and monitoring tools. The external service website and related domains have passed the company’s audits and certification and have received the TRUSTe Privacy Certification Label.

Information Security Risk Management and Continued Improvement Framework
D-Link has been cultivating network equipment and services markets for a long time. We place great importance on information security and the scope of our focus includes employees, organizations, supplier and operation related information, and software and hardware. D-Link complies with the ISO/IEC 27001:2013 Information Security Management System standards to formulate the information security policy. We have strengthened information security management to ensure that valuable information assets are protected from intentional or accidental internal and external threats, in order to maintain the confidentiality, integrity, and availability of data. Through the information asset and risk management procedures, we have established and are maintaining the company’s valuable information assets using the “Plan – Do – Check – Act” model. We ensure the continued operation of our business, reduce operational risks, enhance service quality, and ensure the consistent and effective implementation of all information security related policies, procedures, and operating guidelines during daily operations.

Specific Information Security Management Solutions
Information Security Protection and Controls
Network Security
Introduce advanced technologies to conduct computer scans and software updates, strengthen software firewalls and computer controls, and prevent the spread of computer viruses
Device Security
- Improve endpoint anti-virus and virus scanning mechanisms to prevent ransomware and malicious programs from entering the company
Web Application Security
- Continue to strengthen security control mechanisms for applications and repair potential vulnerabilities
Access Control
Stipulate the user password management mechanism, network security service mechanism, and methods of internal network segmentation and external connection to manage remote work and protect network and information security
Password Key Management
- In order to ensure the system operations of the company and the confidentiality of accounts, necessary passwords and keys are managed to minimize the risk of leaks and appropriately protect D-Link’s sensitive information
- The password policy defines the password strength rules and forces a password change every three months
Continuous Operation Management
D-Link shall establish operation continuity plans for important systems and implement annual drills to ensure continued operations
Information Security Incident Management
- In order to reduce the damage caused by information security incidents, information security incident reporting and handling procedures are established
Information Security Risk Review and Continuous Improvements
Education/Training / Promotion
- Strengthen employee vigilance against social engineering attacks through email and implement phishing email detection
- Regularly organize continued operation drills and improve employee information security awareness
Information Security Risk Management and Monitoring
Commission a third-party impartial inspection unit to regularly conduct information security evaluations on the company:
- ISO/IEC 27001:2013 Information Security Management System
- IEC 62443-4-1:2018 Secure Product Development Lifecycle Requirements
- BS 10012:2017 Personal Information Management System
External Threat Detection and Protection
Commission a third-party impartial inspection unit to regularly conduct vulnerability scanning and regularly collect external threat information. The information is used to perform risk assessments to strengthen protection against external information security threats.
We have joined the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC) to regularly collect external threat information and conduct risk assessments according to the information content. Information security personnel are responsible for confirming and tracking the handling results of the information to strengthen protection against external information security threats.

Resources Invested in Information Security Management
D-Link’s information security measures and execution results include:
- Passed 4 information security related international certifications, which include ISO/IEC 27001:2013 Information Security Management System certification (Oct 2022), IEC 62443-4-1:2018 Security for Industrial Automation and Control Systems Part 4-1 certification (valid until 2025-11-29), BS 10012:2017 Personal Information Management System (Oct 2022), and TRUSTe’s Enterprise Privacy & Data Governance Practices Certification program (2022).
- Perform regular vulnerability scans to ensure the security of the company’s information environment (April–August 2022).
- Organized over 20 information security related meetings. Implemented information security education for all employees on the internal website every quarter. 1 dedicated member of the dedicated information security unit and 7 information security network management personnel must undergo more than 24 hours of professional information security training every year. The goal for 2023 is to implement 1 hour of information related education and training for all company employees every quarter. Every year, 2 hours of information security education and 2 hours of other information education and training shall be planned.