Business Continuity and Technology Risk Management
Business Continuity Management Framework
For the purpose of providing customers with solid and interruption-free service, all subsidiaries of Taishin FHC should follow the competent authorities' rules and the scale of their own businesses and internal management needs and establish business continuity management (BCM) regulations or plans consistent with their own businesses. These regulations and plans serve to maintain key operations and restore normal operation as soon as possible in an emergency involving a natural disaster, emergency fund transfer, IT system disaster, or human error. They mitigate the impact and disruption caused by such disasters and protect the rights of customers and shareholders while reducing risk impact and making the company more competitive.
Responses and Recovery Plans
Business Continuity Plan
Our Business Continuity Plan (BCP) is a pre-planned response and recovery process in response to a disaster to ensure that Taishin FHC can continue to reliably provide key services to important customers at an acceptable minimum operating level. This planning also provides for operational impact analysis, minimum resource requirements, and test drills.
-
Business Impact Analysis (BIA)
-
Serve to determine the target time of recovery, data loss tolerance and the order of restoration as well as the minimum resource requirements for recovery in order to facilitate preparation.
-
Minimum Resource Requirements (MRR)
-
It refers to the backup resources needed to restore one specific operation to the acceptable minimum service level, including personnel, office venue and facilities, computer equipment, software and applications, communication equipment, computer network, important documents, electronic or paper copy of information, means of transportation, and office supplies. The minimum resource requirements should be sufficient to maintain continuity of relevant operations for a period of time.
-
Tests and Drills
-
Once a year. See the section "Drills and Tests" for details.
Drills and Tests
-
Business Continuity Plan Drill
-
The Business Continuity Plan Drill (BCP Drill) is to ensure that after a disaster emerges, the BCP can be activated immediately and to ascertain that it is indeed feasible, so that key operations can be restored to their normal state within the recovery time limit.
-
Information Business Continuity Walkthrough
-
Major irregularities of key IT systems are simulated every six months, and the response plan is carried out under different scenarios to validate and ensure all key IT systems are able to meet the target recovery time and data loss tolerance requirements set in the business impact analysis (BIA). After each drill, test results are reviewed and improvements implemented. The review reports should be submitted to the executive management to ensure the integrity of the system backup environment and smoother system and data recovery processes. The goal is to provide more stable and reliable financial system services and ensure transaction security for customers.
