Information Security
Information Security Risk Management Framework
- Information Security Organization and division of authority and responsibility
The Company shall delegate authority and responsibility to relevant departments and personnel in accordance with the following principles:
- Information Security Risk Assessment
Evaluate possible risks and opportunities related to information security in the Company's business operations and adopt control plans to maintain operations and ability to provide appropriate information services.
For the management and control plan, the Company has proposed the indicators measuring the availability, confidentiality and integrity of information security in the information security risk items and performances of the Risk Control and Management Subgroup of the Corporate Governance Group, and used these indicators as a basis for whether the information security risk management and control are achieved quarterly.
The operation status of the Risk Management Subgroup for 2024 has been reported in the 20th meeting of the 5th Board of Directors held on February 24, 2025.
Cyber Security Incident Reporting Procedures
Information Security Policy
The policy is established to protect the Company's information assets from various threats and damages, provide reliable information and communication services, ensure the confidentiality, integrity and availability of information assets, and smoothly carry out the Company's various businesses in order to protect the Company's interests. With the joint efforts of all colleagues, we strive to achieve the following goals:
- Prevent information security threats and reduce the risk of information security incidents.
- Protect company data from improper use and access and prevent the leakage or loss of sensitive and confidential information.
- Improve the performance of information equipment and systems to ensure the proper operation of information systems.
- Ensure that the Company's information business is carried out in compliance with the law.
Management Programs
- Eight Specific Protection Measures
Security management of computer system.
- Security management of user control
- Security management of data, files, and programs
Cyber security management.
- Network transmission control.
- System connection control.
Information security management of e-mail usage.
- Relay deny mechanism
- Isolation of malicious email
System access control management.
- Control system permissions
- Data leakage prevention
System development and maintenance of security management.
- Maintenance of security supervision
- Confidentiality regulations for operation vendor
Security management of information asset.
- Asset custody
- Strictly prohibited illegal software
Control of computer viruses and malware.
- Virus protection mechanism
- Information security seminar and training
Business sustainability plan
- Implementation of data backup
- Emergency response mechanism
- Join the Organization for Joint Industry Prevention
The Company joined the Taiwan Computer Emergency Response Team / Coordination Center (TWCERTCC).
Human Resources
The Company has established supervising chiefs, supervisors and specialists, totaling 6 people. The Company prepares training budgets for supervisors and specialists to attend information security-related training or courses every year.
Budget (Unit:NTD1,000)
Price and percentage (%) of information security budget for 2023-2025.
2023 Information security budget
2024 Information security budget
2025 Information security budget
Information Security Meetings
Every Monday, the supervisor will convene a meeting with the information security staff to review the information security issues and policies, and report the relevant information security issues to the senior management meeting every quarter; in case of a major information security incident, the supervisor will immediately convene a meeting to deal with and review the situation.