The case for CSR/ Sustainability Reporting Done Responsibly


Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: How PEGATRON promotes information security

Case study: How PEGATRON promotes information security

Founded in 2008, PEGATRON is a global leader in DMS (Design, Manufacturing and Service), offering assembly service to customers on a wide range of electronic products in computer products, communication products and consumer electronics. As an excellent partner in green design, manufacturing and service for its customers, protecting customers’ privacy and intellectual property is regarded as a very important duty in PEGATRON  Tweet This!.

This case study is based on the 2018 Corporate Social Responsibility Report by PEGATRON published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.

Layout 1Abstract

To show its determination towards information protection for the products, assets and data of its customers, PEGATRON’s CEO approved its Confidentiality Policy in 2010, to make sure that all information about the products and data of customers is kept confidential. In order to promote information security PEGATRON took action to:

  • establish an enterprise level security information task force
  • provide training

What are the material issues the company has identified?

In its 2018 Corporate Social Responsibility Report PEGATRON identified a range of material issues, such as economic performance, environmental compliance, labour/management relations, ethics and integrity, effluents and waste. Among these, promoting information security stands out as a key material issue for PEGATRON.

Stakeholder engagement in accordance with the GRI Standards                                                    

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups PEGATRON engages with:

Stakeholder Group                Method of engagement


·      Supplier Conferences

·      Customer Audits

·      Regular Meetings

·      RBA-Online

·      Customer Websites/Platforms

Employee ·      Regular Meetings

·      Internal Website

·      Internal Publications

·      Announcements

·      Grievance Box

·      Coff­ee Talks

·      Hotlines

·      Labour-Management Meetings

Investor ·      Monthly Business Reports

·      Shareholders’ Meetings

·      Investor Conferences

·      Annual Reports

·      Market Observation Post System (MOPS)



·      Supplier Conferences

·      Supplier Audits

·      Supplier Relationship Management

·      External Communication Mailbox

·      RBA-Online

Community ·      External Communication Mailbox
Competitor ·      Conferences
Government ·      Public Hearings on Policy

·      Questionnaires & Interviews

·      Projects and Initiatives

·      Conferences




·      Press Conferences

·      Press Releases

·      External Communication Mailbox

NGO ·      Participate Organisations

·      Conferences

·      External Communication Mailbox

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics PEGATRON collected stakeholders’ suggestions through questionnaires.

What actions were taken by PEGATRON to promote information security?

In its 2018 Corporate Social Responsibility Report PEGATRON reports that it took the following actions for promoting information security:

  • Establishing an enterprise level security information task force
  • To meet customers’ requirements for information security, and protect customers’ privacy and intellectual property, PEGATRON has established an enterprise level security information task force for governing the data, reduce the risk level and meet its customer needs. PEGATRON rigorously reviews data, business application, the operation system, intranet, extranet, physical environment, procedures & policy and carries out complete control when creating an account, requiring a password, applying and setting the access authority, applying an ID, limiting log in authority, recording audit records and getting multiple certifications. For the actual construction and building protection of information assets, PEGATRON controls the security in all accesses strictly and implements the Disaster Recovery System. Additionally, PEGATRON implements the structure of the high-availability system to ensure information continuity. PEGATRON uses an encryption system to protect and control the access authority for confidential and sensitive documents, and also adopts an encryption and private communication protocol to ensure the confidentiality of important data.
  • Providing training
  • In addition to periodical backup, PEGATRON implements a remote backup mechanism to ensure the completeness of data preservation. To enhance the awareness of security for all relevant personnel, PEGATRON not only propagates information security and confidentiality periodically, but also carries out relevant customised training programmes for different personnel, according to their operations. These include security operation concept introduction, standard operating procedure introduction, crime prevention and compliance with the security policy. Moreover, employees whose operations are related to confidential information need to sign confidentiality agreements, and have the obligation of accepting information security audits. To ensure the effectiveness of the information security management system, PEGATRON conducts internal audits annually, to meet customer requirements. Through continuous improvement and the reduction of threats posed by information security incidents and impacts, PEGATRON had no breach of any customer’s privacy in 2018.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:


80% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

FBRH GRI Standards Certified, IEMA & CIM recognised Sustainability Course | Venue: London LSE

By registering for the next 2-day FBRH GRI Standards Certified, IEMA & CIM recognised course you will be taking the first step in gaining the many benefits of sustainability reporting.

Most importantly, you will gain the knowledge to use the GRI Standards, project manage your own first-class sustainability report and:

  • Identify your most important impacts on the Environment, Economy and Society
  • Begin taking solid, focused, all-round sustainability action ASAP



1) This case study is based on published information by PEGATRON, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:


Note to PEGATRON: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.