:::
TSMC implements strategy to protect and manage customer’s confidential information to create a secure manufacturing environment.
TSMC implements strategy to protect and manage customer’s confidential information to create a secure manufacturing environment.

Information security and proprietary information protection (PIP) are TSMC's commitments to its customers. In order to provide customers with the highest level of protection equivalent to their own factories, TSMC is committed to creating a chip manufacturing environment that provides both production efficiency and information security defense. TSMC implements four strategies to protect and manage customer confidential information, including evaluation and audit, system design, security control, and mechanism review. In response to the high-security chip product requirements of different customers, TSMC actively obtains ISO/IEC 15408 international standard under the Common Criteria for Information Technology Security Evaluation. As of February 2024, a total of ten TSMC fabs have passed the Germany Federal Office for Information Security (BSI) ISO/IEC 15408 site certification EAL6 level, receiving international recognition for TSMC's fab security protection. Among them, the newly-built fabs, Fab 18A, Fab 18B, and Advanced Backend Fab 6A, have established a security protection system in advance and obtained certification during the initial operation phase. They can accept and produce security chip products at any time to help customers accelerate their time-to-market.

Customer Confidential Information Protection is an Important Part of TSMC's Customer Service
TSMC Strengthens Information Security Defense to Enhance Customer Information Protection

Four Strategies to Improve Security Management and System Resilience

To properly protect customer’s confidential information, TSMC has established a dedicated information protection team to continuously improve security management measures. In the R&D stage, TSMC designs confidential information protection and transmission systems to meet customer security requirements. During the manufacturing process, TSMC checks all control points for physical security and information security measures in the fab area, covering three aspects of logical control, physical control, and authorization control. TSMC fully implements security control mechanisms and conducts reviews by customers on confidential information protection and transmission systems and management procedures to ensure the quality of security protection.

Process of Customer Confidential Information Protection
TSMC Strengthens Information Security Defense to Enhance Customer Information Protection

TSMC provides a secure chip manufacturing environment and process, which ensures that our company's products produced by TSMC have reliable security protection.

Werner GutauHead of CSS Security, Infineon Technologies AG

Continuously Obtaining Fab Site Certifications to Help Customers Capture Market Opportunities

TSMC strives to deepen customer trust and establish more profound, long-term partnerships through close collaboration and communication with csutomers. In 2023, TSMC completed security-related questionnaire evaluations from 21 customers and passed six customers' security evaluation reviews. The Company was also invited by five customers to share its experience in security management, covering topics such as email security, security education and training, personnel security, information network architecture, patch management, and security incident response. Through mutual exchanges, TSMC and its customers can enhance the industry's level of security protection. Moreover, TSMC continues to obtain ISO/IEC 15408 site certifications, which allow customers to save time from applying certifications for each individual product. This not only improves the quality of security management in the manufacturing environment but also helps customers accelerate product time-to-market. In 2024, TSMC's new Advanced Backend Fab 6B and 6C, are expected to pass certification. TSMC will work with its customers to capture market opportunities through strengthening its capabilities to protect security products of customers.

TSMC is committed to obtaining ISO/IEC 15408 site certification to help customers save time and costs associated with product certification and accelerate product time-to-market. We will continue to strengthen physical security of each fab, creating an efficient mechanism to protect customer’s confidential information and security.

Max LinDeputy Director of Proprietary Information Protection Division at TSMC

Related Cases

StayConnected
Stay
Connected
Subscribe ESG Newsletter