Case study: How PEGATRON promotes information security

Founded in 2008, PEGATRON is a global leader in DMS (Design, Manufacturing and Service), offering assembly service to customers on a wide range of electronic products in computer products, communication products and consumer electronics. As an excellent partner in green design, manufacturing and service for its customers, protecting customers’ privacy and intellectual property is regarded as a very important duty in PEGATRON.
This case study is based on the 2018 Corporate Social Responsibility Report by PEGATRON published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.
Abstract
To show its determination towards information protection for the products, assets and data of its customers, PEGATRON’s CEO approved its Confidentiality Policy in 2010, to make sure that all information about the products and data of customers is kept confidential. In order to promote information security PEGATRON took action to:
- establish an enterprise level security information task force
- provide training
With this case study you will see:
- Which are the most important impacts (material issues) PEGATRON has identified;
- How PEGATRON proceeded with stakeholder engagement, and
- What actions were taken by PEGATRON to promote information security
What are the material issues the company has identified?
In its 2018 Corporate Social Responsibility Report PEGATRON identified a range of material issues, such as economic performance, environmental compliance, labour/management relations, ethics and integrity, effluents and waste. Among these, promoting information security stands out as a key material issue for PEGATRON.
Stakeholder engagement in accordance with the GRI Standards
The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:
Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.
Key stakeholder groups PEGATRON engages with:
Stakeholder Group | Method of engagement |
Customer | · Supplier Conferences · Customer Audits · Regular Meetings · RBA-Online · Customer Websites/Platforms |
Employee | · Regular Meetings · Internal Website · Internal Publications · Announcements · Grievance Box · Coffee Talks · Hotlines · Labour-Management Meetings |
Investor | · Monthly Business Reports · Shareholders’ Meetings · Investor Conferences · Annual Reports · Market Observation Post System (MOPS) |
Supplier | · Supplier Conferences · Supplier Audits · Supplier Relationship Management · External Communication Mailbox · RBA-Online |
Community | · External Communication Mailbox |
Competitor | · Conferences |
Government | · Public Hearings on Policy · Questionnaires & Interviews · Projects and Initiatives · Conferences |
Media | · Press Conferences · Press Releases · External Communication Mailbox |
NGO | · Participate Organisations · Conferences · External Communication Mailbox |
How stakeholder engagement was made to identify material issues
To identify and prioritise material topics PEGATRON collected stakeholders’ suggestions through questionnaires.
What actions were taken by PEGATRON to promote information security?
In its 2018 Corporate Social Responsibility Report PEGATRON reports that it took the following actions for promoting information security:
- Establishing an enterprise level security information task force
- To meet customers’ requirements for information security, and protect customers’ privacy and intellectual property, PEGATRON has established an enterprise level security information task force to govern the data, reduce the risk level and meet its customers’ needs. PEGATRON rigorously reviews data, business application, the operation system, intranet, extranet, physical environment, procedures & policy and carries out complete control when creating an account, requiring a password, applying and setting the access authority, applying an ID, limiting log in authority, recording audit records and getting multiple certifications. For the actual construction and building protection of information assets, PEGATRON controls the security in all accesses strictly and implements the Disaster Recovery System. Additionally, PEGATRON implements the structure of the high-availability system to ensure information continuity. PEGATRON uses an encryption system to protect and control the access authority for confidential and sensitive documents, and also adopts an encryption and private communication protocol to ensure the confidentiality of important data.
- Providing training
- In addition to periodical backup, PEGATRON implements a remote backup mechanism to ensure the completeness of data preservation. To enhance the awareness of security for all relevant personnel, PEGATRON not only propagates information security and confidentiality periodically, but also carries out relevant customised training programmes for different personnel, according to their operations. These include security operation concept introduction, standard operating procedure introduction, crime prevention and compliance with the security policy. Moreover, employees whose operations are related to confidential information need to sign confidentiality agreements, and have the obligation of accepting information security audits. To ensure the effectiveness of the information security management system, PEGATRON conducts internal audits annually, to meet customer requirements. Through continuous improvement and the reduction of threats posed by information security incidents and impacts, PEGATRON had no breach of any customer’s privacy in 2018.
Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?
The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data
Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:
- Sustainable Development Goal (SDG) 16: Peace, Justice and Strong Institutions
- Targets: 16.3, 16.10
References:
1) This case study is based on published information by PEGATRON, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:
http://database.globalreporting.org/
2) https://www.globalreporting.org/standards/gri-standards-download-center/