Disclosure of information security management
I、Information security management strategy and framework:
(I) Information security risk management framework
The Company has an Information Department in place, lawfully staffed with a dedicated managerial officer and information security personnel responsible for information
security management, policy formulation and implementation, as well as planning, execution, and handling of information security related matters.
(II) Information security policy
1. Ensure normal operation of information equipment, information system and network protection.
2. Ensure data integrity of the Company to avoid confidential data leakage.
3. Important data shall be encrypted with regular password change to avoid appropriation or plagiarism.
4. Increase the awareness of related personnel on information security for an environment of continuing data service and fulfillment of related requirements by laws.
(III)Specific management actions:
1. Data access is controlled according to the responsibilities of each department and job position. Authorization from responsible managers shall be granted when an
application to change access is submitted, while user accounts and passwords are used for control.
2. Implement door access control at information equipment room and set up backup server and remote backup mechanism.
3. Constantly update anti-virus software and virus signature, and have firewall management in place to monitor risk from internet.
4. Strengthen awareness among all employees about internet scams, malicious emails, and phishing emails through education to protect them from potential losses.
5. Work with information security service providers to regularly inspect information security notification and weekly report and fix any vulnerability as soon as possible.
6. Be prudent for disposal of information storage equipment and keep record to prevent information leakage.
7. Require all employees to comply with laws, enhance their awareness of information security, and sign an employment contract, which includes Article 3 detailing
contractual responsibilities and confidentiality agreements.
(IV)Resources invested in information security management:
1. Internal auditors evaluate if the internal control policy for information cycle is properly implemented every year.
2. Purchase and continuously renew anti-virus software to ensure valid protection and boost information security.
II、Significant information security incident:
There was not any significant information security incident in 2024.
