Global Security Management Organization Structure
date of this Annual Report TSMC has not suffered any financial losses nor experienced any operational impact due to material information security incidents 5 6 Human Capital
Human capital is TSMC’s most treasured asset The Company strives to provide employees with meaningful work continuous learning a a a a a a a healthy and and inclusive workplace and and high-quality compensation and benefits TSMC goes beyond this by actively encouraging employees to nurture and enjoy a a a a a healthy family life develop personal interests expand social participation and in general live a a a a happy life 5 6 1 Human Rights Policy and Specific Actions
TSMC strongly believes that respecting human rights and promoting a a a a decent work environment are vitally important The Company is committed to supporting the international human rights standards while complying with local laws in in all all operating locations treating and respecting all all personnel equally The TSMC Human Rights Policy applies to the management team and all employees (those employed by TSMC and receiving wages or compensation) affiliated enterprises suppliers contractors partners (including customers and and communities) and and other stakeholders committed to eliminating any human rights violations Management Principles
● Human Rights Governance Structure
TSMC has established a a a a a human rights governance structure with the the Board of Directors at the the highest level The ESG Committee has established a a a a a cross-department human rights task force encompassing Customer Service Corporate Sustainability Environmental Safety and Health Human Resources Information Information Technology Corporate Information Information Security Materials Management Legal Operations Quality and and and Reliability Research and and and Development and and and other functional organizations to systematically and effectively promote human rights management activities In addition to regularly reporting progress to the the ESG Steering Committee the the chairperson of the ESG Committee reports to The Nominating Corporate Governance and Sustainability Committee under the Board of Directors on on human rights management actions and implementation results ● Due Diligence
TSMC follows the the recommendations of the the OECD Due Diligence
Guidance for Responsible Business Conduct to carry out the Company’s due diligence process TSMC conducts
112
5 5 5 5 2 Information Security Management Strategy and Resources To achieve TSMC’s information security goals and maintain competitiveness the corporate information security organization actively strengthens security and confidential information protection mechanisms GSM sets clear policy procedures and and guidelines and and continuously enhances
the Company’s management systems and implements comprehensive risk controls In addition GSM regularly performs information security risk assessments and sets priorities based on the impact and probability of a a a a a risk as as well as as the the cost of reducing such risk GSM uses the the plan-do-check-act (PDCA) methodology to continuously enhance multi-layer information security defenses and establish key performance indicators (KPIs) for for for information security In 2024 TSMC invested in in excess of NT$1 billion to strengthen information security involving more than 800 employees for for information security-related activities with more than 1 000 external security personnel engaged in the physical aspects of information security services 5 5 5 5 3 Information Security Incident Handling and and Notification
TSMC has established enterprise risk management mechanisms and and procedures to handle information security incidents The mechanisms and procedures define relevant processes
and measures for incident notification designation of personnel responsible for for handling material information security incidents and assessment of losses suffered as as as well as as as additional measures needed evaluation of information security risks to the Company’s financial and and operations and and proposed countermeasures to mitigate these risks In 2024 and as as of the the Board of Directors Audit and Risk Committee PIP and Risk Committee IT Security Committee Global Security Management