Sound risk management is the basis of sustainable corporate development. Through its risk control and management process, GIGABYTE first identifies 8 risk dimensions, including operation, finance, innovation, and information security. The potential impact scope of each risk is then determined, and the risks are assigned to responsible units, which apply sound risk management measures based on their expertise and practical experience in the related fields.

Risk Management and Control Process

Measures of Risk Identification and Management

Information Security Management

In keeping with the GIGABYTE philosophy of “Upgrade Your Life”, corporate information security governance has been introduced as part of our continued pursuit of corporate sustainability. The Information Security Committee was set up to devise an information security policy and management framework that takes international standards, regulatory requirements, privacy protection, risk management and crisis management into account. A total approach to information security management, planning, oversight and execution has been put into place. The Committee also reports regularly to the President on information security management activities and on the overall effectiveness of the information security management organization.

Governance Organizational Framework
  1. Information security management rules are reviewed and updated every year in accordance with international information security standards (NIST Cybersecurity Framework) and domestic/overseas information security regulations.
  2. Ensure the Confidentiality, Integrity and Availability of information so that it can be applied to the planning, management and execution of Group business targets in a secure, proper, appropriate and reliable manner.
  3. To continue providing customers with a safe and quality product experience, GIGABYTE must ensure that our information security management for R&D processes, product development, cloud services, and manufacturing supply chain all comply with our information security policy. The goal is the effective reduction of management risk and continued improvement to the overall maturity of information security.
  4. Conduct regular offensive and defensive information security drills, strengthen internal information security awareness through employee training, and implement information security throughout all processes.

Management Goal and Outcome in 2022
  1. Conduct vulnerability scanning and penetration testing to systematically and comprehensively verify security defense capability.
  2. Carry out a drill in information security incident notification and response to put the division of responsibilities into practice and improve handling proficiency.
  3. In response to the rising number of BEC incidents, build anti-fraud email protection measures into systems, provide information security education and training to 711 employees, and run social engineering drills 2 times with a total of 4,795 person-times involved.
  4. Establish high-security protection mechanisms and introduce multi-factor authentication (MFA) to ensure information operations are secure and accurate while employees work from home during the COVID-19 pandemic.
  5. Establish a cybersecurity joint defense platform for the supply chain.