Delta has a Chief Information Security Officer (CISO), who is the highest-ranking person in charge of information security. The CISO is responsible for supervising the execution of company-wide information security operations, ensuring the effectiveness of information security risk management mechanisms, and reporting the overall information security implementation status and effectiveness to the Board annually. This ensures that information security policies and controls are implemented at Delta Group’s business groups worldwide. The CISO reported the status of Delta’s information security governance to the Board of Directors on April 30, 2024.
Regarding information security and personal information management, Delta established the "ISMS and PIMS Steering Committee", which holds regular meetings every year to supervise the overall information security and personal information management status of Delta Group in order to effectively discuss and identify information security and personal information issues and related risks. To ensure that Delta Group's information security management can continue to operate effectively, and to properly protect business secrets and customer information, preventing their confidentiality, integrity, accuracy, and availability from being intentionally or negligently damaged by internal or external personnel, Delta established the “Information Security Steering Committee". The Committee convenes regular meetings every quarter to discuss the information security issues and business needs of different regions and determine required resources and action plans. The Committee is chaired by the CEO, with CISO as the convener. The COO, senior executives from business groups around the world, and regional senior executives are all committee members. In addition, in order to achieve the effective promotion and implementation of information security operations within the group, Delta established the "Information Security Task Force" in 2023, with managers assigned by each business group to promote information security. In its regular bimonthly meetings, the task force not only discusses information security-related issues, but also promotes information security campaigns launched by the headquarters, thereby enhancing colleagues' information security awareness.