Risk & Compliance Governance View
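Explains how regulatory constraints drive governance principles and how compliance management is realized through business services.
1. How regulatory requirements (such as Taiwan's Personal Data Protection Act) drive the Privacy by Design principle established by the CISO.
2. Governance services (such as Security Governance and Risk Control) realize the ZTNA principle set by the CISO.
3. The core role (Security Assistant Manager) is responsible for carrying out key compliance services, such as PIMS initiatives and VRA (Vendor Risk Assessment), to minimize business risk.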
Last Updated: 2025-12-01
Last Updated By: Jason Kao
Taiwan Personal Data Protection Act (BS10012)
Privacy by Design
PCI-DSS
Data Minimization / De-identification
Zero Trust Network Access (ZTNA)
Information Security Governance and Risk Control
Privacy by Design
Security Assistant Manager
Personal Information Management System (PIMS) Initiatives
Information Security Governance and Risk Control
Vendor Risk Assessment (VRA)
Agile Technology Teams
Regional/Global ISR Teams
Emerging Cyber Threats
Information Security Strategies
Vendor Risk Assessment (VRA) Process
Minimize Business Risks
Identity and Access Management (IAM)
Technology Director
Maintain secure technology environment
Regional/Global ISR Teams
Cross-functional members
Security Guidance and Support
Information Security Strategies
Ensure compliance
ISO27001
Taiwan Personal Data Protection Act (BS10012)
Privacy by Design
Taiwan Personal Data Protection Act (BS10012)
Privacy by Design
PCI-DSS
Data Minimization / De-identification
Information Security Governance and Risk Control
Zero Trust Network Access (ZTNA)
Information Security Governance and Risk Control
Ensure compliance
Information Security Governance and Risk Control
ISO27001
Privacy by Design
Security Assistant Manager
Security Assistant Manager
Personal Information Management System (PIMS) Initiatives
Security Assistant Manager
Agile Technology Teams
Security Assistant Manager
Regional/Global ISR Teams
Security Assistant Manager
Regional/Global ISR Teams
Security Assistant Manager
Cross-functional members
Information Security Governance and Risk Control
Zero Trust Network Access (ZTNA)
Information Security Governance and Risk Control
Vendor Risk Assessment (VRA)
Vendor Risk Assessment (VRA)
Information Security Governance and Risk Control
Emerging Cyber Threats
Information Security Strategies
Emerging Cyber Threats
Information Security Strategies
Vendor Risk Assessment (VRA) Process
Minimize Business Risks
Identity and Access Management (IAM)
Zero Trust Network Access (ZTNA)
Technology Director
Security Assistant Manager
Technology Director
Maintain secure technology environment
Security Guidance and Support
Cross-functional members
Information Security Strategies
Maintain secure technology environment
ISO27001
Ensure compliance