Taishin FHC Corporate Social Responsibility Report 2019

41 Sustainable Governance Taishin Bank Information Business Continuity Team Information System Recovery Plan Business Impact Analysis is used to determine the target time for recovery, tolerable data loss time and recovery priorities, and to assess in advance the minimum resource requirements. Minimum Resource Requirements (MRR) refers to the assessment of the backup resources required to recover operations to an acceptable minimum level. MRR includes staff, office space and facilities, computer equipment, software, applications, systems communication equipment, computer networks, important documentation, electronic files, paper files, means of transportation, stationery, etc. MRR should be sufficient to continue operations for a period of time. In principle, at least one drill is held every year and if necessary, drills may be conducted twice a year. For details , please see page “Drills and tests” on page 42 of this report. Business Impact Analysis (BIA) Minimum Resource Requirements (MRR) Damaged Data Crashed Operating System No Service in the Server Room Information Security Department Deputy Commander: Director of Information Services System group Network Group Liaison Group Application System Processing Group On-site processing Group Central Commander: Bank President Taishin Bank Computer System Incident Response Team Contingency Funding Plan Taishin has an appropriate backup plan in place for various levels of damage to the information system. This plan can be roughly divided into the following three types: In addition, Taishin Bank has a business continuity team for IT operations and a computer systems emergency response center to safeguard business continuity and deploy information security incident response capabilities in real time, collect dynamic intelligence on IT threats worldwide, and analyze vulnerability to threats. If a threat occurs, a security threat alert is issued immediately, and an emergency response action for security incidents is taken based on the threat levels. We also plan to complete the introduction of digital forensic procedures in 2020. When information security incidents occur, we will follow digital forensic operation standards to collect and retain digital evidence, which can strengthen the integrity and usability of evidence, bolster analysis, processing, and evidence collection, evidence strength, and the legal effect of evidence in the event of an incident. Taishin Bank has an Emergency Response Team to ensure that during a liquidity crisis, the bank can transfer funds within the planned time to fulfill contractual payment obligations and to respond to the bank’s capital needs. The President of Taishin Finan - cial Holding is the convener of the Emergency Response Team, and the Chief Financial Officer is the deputy convener. ● Switch to manual processing ● Carry out a data reversal operation ● Assess the scope of impact, start response operations, and temporarily switch manual processing methods ● Start backup hosting ● Activate the remote backup system and network connections in accordance with procedures Tests and Drills Command Center Media Relations Group Legal Affairs Group Insurance Affairs Group Disaster Response Group Network Group System Recovery Group Liaison Group Information Security Contact of each unit