Information and Communications Security
Cyber security
Cybersecurity is an important pillar of modern business operations and is critical to ensuring the integrity, confidentiality, and availability of enterprise data. The Company has established an information security policy that standardizes its information security measures and strategies, to ensure the stability and compliance of the Company’s business operations and to defend against all kinds of potential security threats.
Information Security Policy
Security Policies & Standards:
- Develop and implement ICT security policies that cover all aspects of the business.
- Regularly review and update security policies to respond to new threats and technological developments.
Employee Training & Awareness Enhancement:
- Regularly carry out security training for employees to improve the security awareness and skills of all employees.
- Organize security drills and simulated attack tests to enhance employees’ ability to respond to security incidents.
Information and communication security management framework
- An information security team was established, with the Chief Financial Officer and the Head of Corporate Governance serving as its conveners and the personnel of the Information and Communications Security Department serving as members of the information security implementation team. The team is responsible for formulating the Group’s internal information security policy, planning and implementing information security protection, and cooperating with the information departments of the Group’s subsidiaries to promote information security policy and its implementation.
- Hold regular meetings at least every six months to review and decide on the implementation of important information security and information protection policies and plans. Set priorities according to the magnitude and probability of risk impact and the cost of improving risks; adopt the PDCA method to plan, implement, review and act in a continuous cycle; and establish information security key performance indicators to ensure that the Group’s information security policy objectives are achieved.
Risk management
- Conduct regular risk assessments to identify and assess possible security threats and vulnerabilities.
- Based on the results of the risk assessment, formulate corresponding risk response plans and measures to reduce the impact of risks.
Technical security measures
Cybersecurity
- Deploy firewalls, intrusion detection, and prevention systems to monitor and prevent unauthorized access and attacks.
- Use a virtual private network (VPN) to secure remote connections and ensure secure data transmission.
Data Protection
- Encrypt the storage and transmission of sensitive data to ensure the confidentiality of data at rest and in transit.
- Make regular data backups to ensure quick recovery in the event of data corruption or loss.
System security
- Regularly update and patch security vulnerabilities in operating systems, applications, and devices.
- Deploy antivirus and antimalware tools to monitor and prevent malware.
Emergency response and recovery
Emergency contingency plan
- Develop a detailed information security incident response plan covering different types of security incident response processes. The Company’s information security incident reporting procedures are as follows, and the reporting and handling of information security incidents shall be carried out in accordance with this procedure.
- Set up an emergency response team to ensure that security incidents can be quickly responded to and dealt with.
Disaster recovery plan
- Develop a disaster recovery plan to ensure that business operations can be quickly restored after a major incident.
- Regularly test and rehearse the disaster recovery plan to ensure it is effective and operational.
Compliance & Audit
Compliance
- Ensure that ICT security measures comply with relevant laws, regulations and industry standards.
- Conduct regular internal audits to check the compliance and effectiveness of ICT security measures.
External Audits
- Engage a third-party organization to conduct a security audit to evaluate and improve existing security measures.
- Based on the audit results, formulate improvement plans and measures to continuously improve the level of information security.
The Company will continue to strive to improve the level of information and communication security management, and ensure the security of enterprise information assets and the stability of business operations through sound security policies, advanced technical measures and effective risk management strategies. In the future, we will continue to pay attention to the latest developments in the field of information security, and continue to improve and optimize our security measures to cope with ever-changing security threats.
2024 Information Security Education and Training Statistics
| Training course | Target audience | Number of participants | Training hours | Coverage rate |
|---|---|---|---|---|
| Information Security Advocacy | All employees (62 in total) | 46 | 1 | 74% |
Note: Coverage rate = number of participants / number of people who should participate
Information Security Management Effectiveness Table
| Category | 2022 | 2023 | 2024 |
|---|---|---|---|
| The number of major information security incidents | 0 | 0 | 0 |
| The number of data breaches | 0 | 0 | 0 |
| Number of employees or customers affected due to information leakage | 0 | 0 | 0 |
| Amount of fines imposed for information security incidents (NT$) | 0 | 0 | 0 |