Criminals covet telecommunication companies for their communication and Internet services and their large volumes of user data. As a result, company business secrets and user data are frequently leaked, leading to crises of social credit. This study examines the telecommunications sector and explores F Telecom's concrete measures to protect consumer data under the framework of the ISO 27001 Information Security Management System (ISMS). ISO 27001 contains 11 control domains, 39 control objectives and 133 controls, along with the inspection items of ISO 27011. The research seeks to identify the relevance between ISO 27001 and the Personal Information Protection Act (PIPA), and then collates and analyzes the data.
The study shows that the telecom uses its existing ISMS structure to arrange the following processes: Privacy Impact Assessment (PIA), definition and identification of personal data, value criteria for personal data, and the life cycle of personal data. This can definitely reinforce security and control for the case company. In addition, for telecommunication companies, six domains and twenty-four measures in ISO 27001 correlate with PIPA: two items each for compliance and human resources security, three each for asset management and access control, five for information security incident management, and nine for communications and operations management. Hence, telecom companies can invest more resources in these control measures when they plan for personal data protection under PIPA.
In addition, the research finds that the case company has passed ISO 27001 certification. It needs to review its existing ISMS structure and build operating procedures to make up for the insufficient parts. It does not need to adopt a new authentication mechanism.