About Semiconductor Cybersecurity Risk Rating Service
SEMI Semiconductor Cybersecurity Risk Rating Service is a ‘foundation for cybersecurity assessment’ inspired by the cybersecurity framework of the National Institute of Standards and Technology (NIST) in the United States, covering common security practices to serve as a standard template that familiarizes the semiconductor ecosystem with security maturity assessment and benchmarking, so as to create a unique competitive edge for your business!
Assist enterprises to assess risks from different perspectives - internet assets, network applications, human risks and internet assets exposed to risks, showcasing assessment results such as network domain risk posture, comparison of dark web intelligence, and external asset reports. Up to ten items such as human risks, endpoint, email, internet service, cloud service, and network applications will be evaluated, while scores of risk exposure levels and comparisons with peers will be shown to effectively understand strengths and weaknesses of cybersecurity both internally and externally.
A cybersecurity risk assessment general survey tailor-made based on security-related experiences collected from the industry is available for enterprises to conduct internal risk and vulnerability assessment.
Mitigation measures are advised for each risk item, which can be quickly re-evaluated after repair, so that enterprises immediately learn the optimization results and investment benefits.
The system continuously performs risk ratings on the tested domain during the lease period, and corporate users can keep track on the changes of risk index through the platform, so that senior management can have a better understanding of the improvement curve of corporate cybersecurity.
Enterprises can forward risk rating scores to business partners for them to understand how cybersecurity is protected internally, so as to deepen mutual trust.
SEMI 半導體資安風險評級服務每季開放一次申請,一年共開放四次,每次皆為 一年期 服務。
以下以 2026 年服務 為例說明:
【1/1 梯次】
- 服務期間:2026/1/1–2026/12/31
- 申請與付款截止日:12/15
【4/1 梯次】
- 服務期間:2026/4/1–2027/3/31
- 申請與付款截止日:3/15
【7/1 梯次】
- 服務期間:2026/7/1–2027/6/30
- 申請與付款截止日:6/15
【10/1 梯次】
- 服務期間:2026/10/1–2027/9/30
- 申請與付款截止日:9/15
Q1. 若有多位同仁需要登入平台,可以嗎?
可以。服務開通信件將寄送至線上申請時所填寫的聯絡人。
- SecurityScorecard 平台:
開通後,首位聯絡人(具 Admin 權限)可於平台內自行新增其他使用者。 - Panorays 平台:
請聯繫 [email protected],並提供欲新增的 email 以便協助開通。
Q2. 報告下載是否有次數限制?
沒有限制。您可在服務期間內不限次數下載報告。
Q3. 服務可以掃描哪些網域?
只要是企業所屬資產的公開網域皆包含在掃描範圍內。
Q4. SEMI 會員與非會員在使用此服務上有差異嗎?
服務內容完全一致。
- SEMI 會員: 可享有會員優惠價格。
- 非會員: 可依非會員價格購買服務。
SEMI 依企業類別與年營收收取年費。更多會員權益與說明,請參考 SEMI 會員服務資訊。
Q5. 服務內容是否包含顧問服務?
未包含。此服務性質類似「資安健檢」,協助企業找出可能的資安漏洞及弱點。企業可依據掃描結果,評估自身的資安政策與需求,再由企業內部資安人員或既有合作的資安廠商進行補強改善。
如有額外的顧問服務需求,歡迎聯繫 [email protected] 進行詢問。
SEMI半導體資安風險評級服務持續強化半導體產業供應鏈資安
申請方法
Industry-Standard Questionnaire and Third-Party Risk Scoring System
The SEMI Semiconductor Cybersecurity Committee Collaborates to Develop and Promote
adopted by key suppliers at the request of major industry players
James Tu, Chairman of SEMI Taiwan Semiconductor Cybersecurity Committee, Head of Corporate Information Security of TSMC, encouraged suppliers to use the Semiconductor Cybersecurity Risk Rating Service. He also said that since TSMC introduced ansaid that since TSMC introduced an assessment and security posture scoring mechanism for suppliers, many supplier information security vulnerabilities have been exposed and patched in a timely manner. This mechanism not only assists enterprises in monitoring supplier information security status but also provides supply chain information security benchmark comparison.
Types of Plan
Industry digital transformation has brought about numerous cybersecurity concerns. With the increasing smartification of devices and production lines, there is a growing risk of malicious network attacks. Defending against cybersecurity threats has become a common challenge for all industries, and supply chain security has gained significant attention in recent years. As emerging cybersecurity threats continue to rise, businesses are placing great importance on relevant cybersecurity solutions and standards to effectively enhance their defense mechanisms.
The introduction of third-party risk scoring and risk posture services for semiconductor cybersecurity risk assessment is applicable to all businesses. This service not only efficiently manages suppliers and monitors their cybersecurity postures but also provides comparisons of cybersecurity standards within the supply chain, contributing to the improvement of global supply chain information security.
Key features of the service include:
- Continuous monitoring for 365 days after service activation
- Access to risk rating records during the service period
- Risk assessment reports, including cybersecurity posture scores and industry comparisons
- Identification of issues and improvement recommendations
- SEMI cybersecurity evaluation
- Medium to long-term exposure assessment records (including new targets and historical monitoring records)
SEMI Member: 59,850 NTD / Non-Member: 115,500 NTD
Cybersecurity Risk Management System
SecurityScorecard Management System
To learn more about the risk rating and assessment report of the SecurityScorecard Management System, please refer to:
SecurityScorecardSecurityScorecard Service Report Sample (English)
SecurityScorecard Service Report Sample (Chinese)
Service Report Sample Overview
Panorays Management System
To learn more about the risk rating and assessment report of the Panorays Management System, please refer to:Panorays Service Report Sample
Industry User Testimonial
SEMI provides a comprehensive cybersecurity risk management solution, offering powerful tools and guidance before, during, and after incidents. After a year of implementation, we have not only identified potential cybersecurity vulnerabilities and weaknesses within our own systems but also leveraged SEMI’s industry influence to help our supplier partners understand the sector’s cybersecurity control requirements.
The SEMI Semiconductor Cybersecurity Risk Rating Service equips members with concrete measures to enhance cybersecurity, providing clear goals and direction. The monthly risk rating reports highlight areas for improvement, helping us successfully achieve our projected annual objectives.
ADD-ONS: OUR ADVANCED SERVICES
Consultation on Cybersecurity Enhancement
The technical team of CHT Security that has years of practical experiences in cybersecurity capacity building, hacking attacks and defense, and digital forensics and incident response (DFIR) will conduct in-depth analysis of the rating results, and provides suggestions and consultations. Corporate resources can thereby be allocated in a more precise and effective way, improving cybersecurity comprehensively and thoroughly.
To learn more about the Semiconductor Cybersecurity Risk Rating Service platform, please feel free to contact the following SEMI representatives at SEMI Taiwan.
Ms. Cindy Chen
(O):+886.3.560.1777 #116
Email: [email protected]
◼ SEMI provides comprehensive cybersecurity risk management tools and guidance for preemptive, active, and post-event measures. After a year of implementation, we were able to identify potential vulnerabilities and weaknesses within our system. Moreover, through SEMI’s influence, we successfully communicated the industry’s cybersecurity requirements to our supplier partners.
─ Macronix International Co., Ltd.
◼ SEMI's Cybersecurity Risk Rating Service offers members specific measures to enhance cybersecurity with clear goals and directions. The monthly rating reports highlight areas for improvement, helping us achieve our annual objectives effectively.
─ FOCI Fiber Optic Communications, Inc.
Cybersecurity Risk Rating Services
SecurityScorecard Management System
