TOP
ESG

Customer Relationship Connections

Continuously innovating service content and types to create thoughtful services that exceed customer expectations is the driving force for THSRC's continuous improvement. We have prepared a dedicated management department to open up multiple communication channels to respond to passengers' needs in real time, deepen customer relationships, provide online consultation by Artificial Intelligent Customer Service, corporate website e-mail message and other functions, and configure the customer service line service with Mandarin/ Taiwanese / English responses. The current Feedback Collection Channels and Customer Service Operations System are detailed in the figure below.

Current Feedback Collection Channels and Customer Service Operations System

THSRC has set up a Current Customer Complaint Resolution Mechanism to not only provide immediate consolation and attention but also submit customer feedback to the quality management authority and responsible unit of each department and the cross- departmental customer opinion review meeting, so as to truly incorporate customer feedback into management and implement improvements. In 2023, the inbound passenger service center and the use of Artificial Intelligent Customer Service inquiries were about 750,000 cases, and the main consultation items were about ticketing, lost items and high-speed rail promotions. Part of that, Artificial Intelligent Customer Services received 250,000 (accounted for 34%) inquiries or applies for timetables, ticketing problems, guide for travel, properties lost and found services.

Current Customer Complaint Resolution Mechanism

Information Security Management

Affected by geopolitical turmoil and volatile digital crimes in recent years, THSRC has actively implemented information security, established the “Information Security Management Committee” in 2017, and appointed information security officers from the Company's interdepartmental office to hold information security management review meetings every six months and convene information security officer meetings every quarter. We review the development direction, strategy and related implementation results of information security, so that the information security management system continues to operate steadily.

A total of two information security management review meetings and four information security representative meetings were held in 2023. The information security governance report and results have been recorded in the report of the 2nd Board of Directors of the tenth session in 2023. For more information about the policies and management plans related to information security, please refer to THSRC Enterprise Website.

THSRC Information Security Management Framework

Implementation of personal information Security Maintenance Measures

Safety Maintenance Measures for Personal
Information Protection Management		 Personal Information Management Measures and
Implementation Results in 2023
Establish a management organization
and allocate considerable resources		 Segment representatives formed the “Personal Information Protection Implementation Group.” As of 2023, there were 19 personal information representatives and a personal information representative meeting is held every quarter, and a total of fourmeetings were held in 2023.
Risk assessment and management
mechanism for personal information		 A three-level management model is adopted as per the security level of personal information files, and risk identification and assessment of personal information files were conducted every year, and personal information files inventory audits were performed twice every year, to maintain the correctness of the “Personal Information File Inventory.”
Information security management and
accident prevention, notification, and
response mechanisms		 Information is divided into three types: written forms, electronic files, and system files, and relevant regulations on personal information security incident response, a complete notification mechanism, and a review and improvement policy have been formulated. As of 2023, no personal information security incident occurred.
Awareness promotion, education and training One hour of education and training for new employees and one hour of annual training for all employees.
Equipment safety management Terminal equipment (including personal computers, notebook computers, and mobile devices) and various types of servers are all handled in accordance with THSRC's relevant information security management regulations.
Overall continuous improvement of personal
information security maintenance		 The annual audit results are regularly reviewed at the personal information representative meeting and reported to the review meeting of the Information Security Management Committee.

THSRC continue to strengthen security operations in 2023, such as the use of the Virtual Private Network (VPN) and the employee remote work emergency measures and security are listed below to improve the THSRC information communication security environment:

Availability and Stability

  • Ensure employee portal availability: Increase equipment capacity to ensure sufficient employee connections, and adjust the system to a high-availability architecture.
  • Increase network bandwidth: Increase network bandwidth and circuit redundancy to increase the number of employee connections with improve network connection stability.
  • Cooperate with the national information and communication security operation: restrict the use of products that threats the national information and communication security, inventory the company's internal information and communications equipment, conduct replacement operations; while we cannot require suppliers to replace the restricted Chinese branded equipment immediately, we have reached an agreement for suppliers to replace them at the end of the products' lives, and strengthen the management of information security.

Security

  • Strengthen the security authentication of the portal website system: Two-factor authentication is adopted for employees who log in to the Company's intranet from the external network. The employee account number, password and One Time Password (OTP) are required for authentication, and the time limit of OTP is shortened while the length of OTP is increased.
  • Improve VPN to high-availability architecture: In case of any abnormality, the VPN device will complete the switch within one second. After the switch is completed, the password and One Time Password need to be re-authenticated.

Monitoring Mechanism

  • Strengthen VPN connection monitoring: VPN uses two-factor authentication to monitor the connection source IP. In case of any abnormality such as the connection source IP is detected from a place outside Taiwan and intensively requests for login in a short period of time, the firewall will control and block the connection IP.
  • Integrate information security monitoring mechanism: Integrate the main systems, endpoints, networks, and security and reconnaissance threat monitoring information of information technology (IT) and operation technology (OT), analyze the status of threats in real time, introduce information security solutions such as abnormal alarms and defense disposal, and monitors and reports full-time through the information center computer room.
  • Track the usage of highly privileged accounts and endpoint devices, detect abnormal operations and potentially malicious activities, improve threat sensitivity, detect and contain the spread of attacks early, ensure system security, and reduce the damage caused by insider threats.

In response to the "Accelerating Digital Optimization and Moving Towards Digital Transformation" aspect of the six strategic directions of THSRC in the medium and long term, while accelerating digital innovation and transformation, we have formulated four development strategies for high-speed rail information technology, including management information digital optimization, maintenance management digital optimization, operation management digital optimization, and marketing digital optimization. The projects and goals we planned to introduce are as follows:

  • Management Information Digital Optimization: Build off-site backup mechanisms to improve service availability and introduce IT asset and configuration management platforms to ensure consistency of service data, as a way of increasing automation and saving manpower, while building and promoting a low-code integration platform and automation equipment to improve efficiency, expand production capacity and reduce labor costs.
  • Maintenance management digital optimization: Establish high-speed railway geographic map to quickly obtain the corresponding mileage assets and maintenance records information, and continue to collect track, tramway and power system detection and maintenance data, and analyze the data to establish the basis for predictive maintenance operations and provide a coordinating mechanism for track maintenance area scheduling to further improve maintenance efficiency.
  • Digital Enhancement of Operations Management: Establish a new generation ticket booking service system to meet market demand, import cloud computing into station equipment, and improve service timeliness.
  • Digital Marketing Optimization: Enhance the Company's revenue through accurate marketing and the establishment of a new business model platform, while developing the T Express sales model to provide diversified ticketing services and enhance market competitiveness.