Page 111 - TSMC 2022 Annual Report

risk management and strengthening information security through regular compliance audits. The head of CIS leads and collaborates with the security task force, “PIP and Cybersecurity Committee” and “IT Security Committee”, to plan and implement security management activities, and reports to the Audit Committee every six months on the performance and effectiveness of information security management. The Audit Committee Chairperson also reports to the Board of Directors on the implementation status of information security management.

The PIP and Cybersecurity Committee is chaired by the Senior Vice President of Information Technology and Materials Management & Risk Management. Vice presidents of legal, human resources, R&D and operations are also members of this Committee, which meets quarterly to review and formulate information security policies to ensure TSMC can fulfill its goals and commitment in this aspect. In 2022, TSMC assigned the Senior Vice President of Information Technology and Materials Management & Risk Management as the Chief Information Security Officer (CISO) in charge of information security risk management, to review the effectiveness of security policy, procedures and cybersecurity measures.

Corporate Information Security Organization Structure
5.5.2 Information Security Management Strategy and Resources

To achieve TSMC’s information security management goals and maintain competitiveness, the corporate information security organization actively strengthens security and confidential information protection mechanisms. CIS sets clear policy, procedures and guidelines, and continuously enhances the Company’s management systems and implements comprehensive risk controls. In addition, CIS regularly performs information security risk assessments and sets priorities based on the impact and probability of a risk, as well as the cost of reducing such risk. CIS uses the plan-do-check-act (PDCA) methodology to continuously enhance multi-layer information security defenses and establish key performance indicators (KPIs) for information security. In 2022, TSMC invested in excess of NT$1 billion to strengthen information security, employing more than 500 employees for information security-related activities, with more than 1,000 external security personnel engaged in the physical aspects of information security services.

5.5.3 Information Security Incident Handling and Notification

TSMC has established enterprise risk management mechanisms and procedures to handle information security incidents. The mechanisms and procedures define relevant processes and measures for incident notification, designation of personnel responsible for handling material information security incidents, and assessment of losses suffered, as well as additional measures needed, evaluation of information security risks to the Company’s financial and operations, and proposed countermeasures to mitigate these risks. For the year 2022 and as of the date of this Annual Report, TSMC has not suffered any financial losses nor operational impact due to material information security incidents.

5.6 Human Capital
Human capital is TSMC’s most treasured asset. The Company strives to provide employees with meaningful work content, continuous learning, a safe and pleasant work environment that is both diverse and inclusive, and high-quality compensation and benefits. TSMC goes beyond this by actively encouraging employees to nurture and enjoy a healthy family life, develop personal interests, expand social participation and, in general, live a happy life.

[Organization chart: Board of Directors; Audit Committee; PIP & Cybersecurity Committee; IT Security Committee; Corporate Information Security Organization]















































































