CASE STUDY

Proprietary Information Protection

TSMC understands Proprietary Information Protection is the key to maintaining TSMC's current and future competitive advantages. Therefore TSMC not only established its Proprietary Information Protection policy and related regulations to control and manage TSMC trade secrets, but also implemented the management mechanism of PDCA (Plan-Do-Check-Act) to enhance the capability of Proprietary Information Protection and employees' awareness to ensure the best interests of the company, shareholders, employees, customers and suppliers.

Plan Establish guidelines, management procedures and regulations
Do Enforce Proprietary Information Protection controls Conduct awareness training and promotions
Check Perform regular audits and handle violations
Act Improve defects to strengthen the capability of Proprietary Information Protection

In addition, TSMC adopted special security management in IC manufacturing processes to not only comply with customers' security requests but also passed relevant security audits and certifications. For example, F14A obtained ISO 15408 site security certification in 2016 to provide more secure protection of IC manufacturing process on security products such as chips on identity certification, as well as debit card and credit card for customers. Moreover, TSMC passed all security audits in 2016 from customers to further enhance the trust and partnership between TSMC and customers.

2016 Proprietary Information Protection Enforcement Result

1,000

Invited over 1,000 suppliers to six PIP promotion and communication sessions

100%

All newcomers completed Proprietary Information Protection training courses

9

Newly created or revised nine Proprietary Information Protection regulations to ensure more robust Proprietary Information Protection

45,000

Over 45,000 employees completed Y2016 Proprietary Information Protection annual refresh e-learning course

Course content:

  • PIP policy and regulations
  • PIP prohibited item rule communication
  • Physical security and badge regulations
  • Tips for confidential information transmission and sharing
  • How to correctly operate computer devices and access networks
  • PIP violation case studies and reminders
2
million headcounts

Conduct PIP audits over two million headcounts monthly

  • PIP prohibited item inspection
  • Physical access compliance check
  • Confidential information handling
  • Email handling
1%

Employee PIP violation rate: 1%

Main Cause: individual negligence or failure to comply with PIP procedures

Corrective actions:

  • Reinforce PIP promotion and communication
  • Enhance outgoing email and document printing management
  • Review users' access privilege to information