Information Security
Since 2024, information security personnel have been deployed, along with a firewall system, email backup system, computer room environmental control system, and network management system. A total of NT$1.5 million has been invested in information security management. Going forward, we will prioritize actions based on risk impact and cost of improvement to continuously enhance our information security capabilities and protect the company's critical information assets.
Information security management structure and responsibilities
Unit Name | Responsibilities |
---|---|
Information Security Specialist | Develop and implement information security management policies. Conduct information security risk assessment and management. Monitor information security incidents and report to the highest level. |
Information security personnel | Perform security configuration and maintenance for systems, networks, and applications. Monitor unusual activity and promptly address security incidents. Conduct security education and training to enhance employee awareness. |
Information Security Management Policy
System/Policy | Content |
---|---|
Institutional norms | Establish company information security management system to regulate personnel operations. |
Application of technology | Establish information security management equipment and implement information security management measures. |
Personnel training | Conduct information security education and training to enhance internal colleagues' information security awareness. |
Regular audits | Conduct information security audits regularly to ensure the implementation of information security. |
Backup Service | The system has established a redundancy service, and data is backed up multiple times and stored off-site. |
Specific management plan
Management plan type | Specific measures |
---|---|
Institutional norms | We have established a computer access permission document for employees, which includes employee information security behaviors. We review relevant regulations annually to ensure they are in line with changes in the operating environment and make timely adjustments based on needs. |
Application of technology | To prevent various external information security threats, the company not only adopts a multi-layered network architecture design, but also establishes various information security protection systems to enhance the security of the overall information environment. |
Risk Management | Conduct risk assessments regularly and establish a comprehensive information security management system. |
Physical protection | To maintain the security of physical information equipment, we strictly control access to and from the information room, purchase information security equipment, and subscribe to information security services to ensure the security of external communications. |
Data backup | Data is backed up daily and stored synchronously on off-site devices. |
Information security incidents | Establish an information security contingency plan and classify information security incidents into levels 1 to 4. Report security incidents at different levels to supervisors and conduct damage control with relevant personnel. |
Information security promotion | Issue information security alerts from time to time to enhance employees' information security awareness. |
Multi-layer protection | Build multi-layered security protection, continuously introduce innovative technologies, and internalize security controls into daily operational processes. |
Firewall and Protection | Set up firewalls and intrusion detection and protection systems to block external intrusions. |
Data access control | Regular update of system passwords, access rights control, remote login information system control, etc. |
Audit and Evaluation | Regularly perform internal audits, CPA information reviews, ISO information audits, and information security assessments. |
Email Management | Set up a backup email system to manage email security. |
System Monitoring | Regularly review the system logs of network services and information systems to track abnormal data access. |