(Please select preffered language)
Main Content

Information Security Policy

CHINA AIRLINES Information Security Policy

Last updated on 18 Jul, 2025

 
Purpose
CHINA AIRLINES (hereinafter referred to as the "company") has developed this policy to maintain the security of the company's information and information assets, prevent unauthorized infringement, keep their confidentiality, integrity and availability.
 
Scope
The management of information security for the company's information systems and information business shall be conducted in accordance with the requirements specified in this policy.
 
Applicable Personnel
All employees and outsourced supplier personnel shall familiarize themselves with the content of this Manual and related management procedures, and implement requirements related to information security management.
 
Informaiton Security Objectives
  1. Obtain international standard certification, continuously improve the company’s information security management system, and maintain its effectiveness.
  2. Implement the information asset management and information security risk management so that confidential information can be protected during transmission and storage.
  3. Prevent the information assets from unauthorized tampering and maintain the integrity of information through the information security protection and control measures.
  4. Achieve the continuous availability of information asset operations through the information security incident notification, response, exercises and continuous operation plans.
  5. Regularly implement information security training to deepen all colleagues' information security awareness, thereby promoting the establishment of individual information security responsibilities."
 
Management Review
This policy is adjusted and revised according to relevant regulations and information business needs.
 
Information Security Management System
The company has implemented an Information Security Management System in accordance with the ISO 27001 international standard. Core information systems and data networks associated with passenger airline reservations, ticketing, and marketing operations have been audited and certified by SGS Taiwan.