Information Security Management
To strengthen cybersecurity protection capabilities and achieve the objectives of security, convenience, and uninterrupted operations, the Company continues to optimize and enhance its information security measures. A Chief Information Security Officer (CISO) has been appointed to oversee and coordinate all information security–related matters. In addition, a dedicated information security unit has been established, comprising one information security manager and two information security professionals, who are responsible for implementing information security policies and related systems.

Regular information security meetings are held to discuss and track various cybersecurity issues. Each year, the overall execution of information security initiatives is reviewed and summarized, with the results reported to the Board of Directors for evaluation and improvement. An annual statement on the overall status of information security implementation is jointly issued by the Chairman, President, Head of Internal Audit, and the CISO.
As cybersecurity threats continue to evolve, the Company actively responds to external risks by participating in the Financial Information Sharing and Analysis Center (F-ISAC) established by the Financial Supervisory Commission, as well as the Taiwan Computer Emergency Response Team (TWCERT) operated by the National Institute of Cyber Security (NICS). These efforts enhance the Company’s cybersecurity intelligence capabilities and incident response readiness.
The Company has also established an “Information Security Advisory Group,” which reports monthly on relevant cybersecurity issues and implementation progress. In 2025, a total of 21 meetings were convened, providing professional recommendations on cybersecurity governance, management frameworks, and overall execution. These recommendations support the development of new cybersecurity strategies, strengthen financial cybersecurity resilience, and establish a comprehensive incident response system. Furthermore, the Company conducts quarterly cybersecurity and emerging technology security awareness programs (such as AI-related risks, deepfake attacks, and new phishing techniques) for all employees.
To ensure the effective implementation of cybersecurity policies, the Company has formed an “Information Security Management Review Committee” to promote cybersecurity initiatives and handle abnormal incidents. To further enhance customer protection, the Company has also obtained group-wide cybersecurity insurance coverage, including data protection, information system error liability, and unlawful acts, with the aim of minimizing potential losses in the event of cybersecurity incidents.
To ensure the continuous and effective operation of information services, the Company has obtained ISO 27001 certification for information security as well as ISO 22301 certification for business continuity management. Additionally, the Company participates in the group's dedicated Business Continuity and Information Services Committee, which holds regular meetings to review and update business continuity management policies and to ensure their implementation. These efforts aim to continuously improve services and provide uninterrupted service to customers.
Our company is committed to providing highly available and comprehensive trading services. Disaster recovery is an essential capability for business continuity and covers resource reallocation, offsite backup, emergency response handling, and service recovery. In the event of unexpected incidents such as natural disasters, human error, or malicious attacks that damage or interrupt key business operations, the disaster recovery mechanism enables a quick return to normal or acceptable service levels.
The Company continuously builds and strengthens information security awareness among all employees of the group, ensuring they understand how information security threats affect both their work and their daily lives. In this way, we aim to minimize risk while cultivating and enhancing cybersecurity awareness.
Penetration testing simulates the mindset of an attacker to conduct various intrusion attempts against the enterprise, trying to infiltrate the Company's websites, network systems, storage devices, and other software and hardware as a hacker would. The goal is to identify potential vulnerabilities, verify whether the Company's equipment and data could be compromised or stolen, and determine whether their security needs further enhancement.
Vulnerability scanning uses software tools to identify potential weaknesses or vulnerabilities in systems, hosts, and websites. This helps detect potential risks early and allows risk controls and security enhancements to be implemented for proactive protection.
We continuously refine cybersecurity management standards and procedures, regularly review the effectiveness of cybersecurity implementation, maintain international cybersecurity certifications and compliance, continuously strengthen cybersecurity protection and establish joint defense mechanisms, cultivate high-quality cybersecurity talent, and enhance professional skills.
ISO 27001 is currently recognized as the most comprehensive international standard for information security management. It uses standardized management and control measures to mitigate information security risks, continuously strengthen the defenses of the information security management system, protect business secrets, and prevent information leakage and misuse. Capital Futures has achieved ISO/IEC 27001 certification, demonstrating our highest commitment to customer data and transaction security. We implemented the ISO/IEC 27001 information security management system in 2006 and have consistently maintained certification. The current certificate is valid from February 18, 2024, to February 17, 2027.
ISO 22301 was developed based on the successful experience of the UK standard BS 25999 and other regional standards. It aims to protect your business from disruptions caused by potentially destructive events, including adverse weather, fires, floods, natural disasters, theft, IT failures, staff illness, or terrorist attacks. By achieving ISO 22301 certification, an organization can identify threats to its operations and the critical activities that may be affected, allowing it to prepare in advance so that operations do not come to a standstill. Capital Futures implemented the ISO 22301 Business Continuity Management System in 2008 and has been regularly certified. The current certificate is valid from November 26, 2023, to November 25, 2026.