A Study on the Integration of ISO 27001 & 27011 and the New Personal Information Protection Act in the Telecom Enterprises in Taiwan

Due to the flourishing development of mobile communications, Internet businesses, and mobile broadband, handheld mobile communications equipment is commonplace and the number of mobile phone users and fixed-line broadband users is growing rapidly every day. As the telecom industry stores massive amounts of users´ personal Information, operators need to uphold users´ trust in them, so users can enjoy the telecommunication services worry-free! Personal information security is of major concern in society today and also a social responsibility of enterprises. In response to the new Personal Information Protection Act in Taiwan, how carriers with imported information security management system can integrate the new Personal Information Protection Act to achieve their custodial responsibility must be discussed. Through the key management elements of ISO27001 & ISO27011 that correspond to the norms set to the appropriate security maintenance measures in Article 12 of the new Personal Information Protection Act Enforcement Rules in Taiwan, how carriers can strengthen management and educational training in compliance with the Act also requires discussion in Taiwan.