Home - Corporate ESG - Corporate Governance - Information Security
Information Security
Information Security Structure

The Company’s information department is responsible for coordinating and implementing cyber security policies, publicizing information security information, and enhancing employees’ cyber security awareness. The audit office conducts cyber security audits on the internal control system every year to evaluate the effectiveness of the internal control of the company’s cyber operations.

Information Security Policy

To establish the company’s cyber security system management principles to enhance the security of cyber operations.

To ensure the confidentiality and integrity of the information.
To ensure that appropriate data access is extracted according to the authority of the department to avoid accidental leaks of data.
To ensure the continuous operation of the information system and avoid improper human or accidental damage.
Maintain the security of the physical information environment.
Regularly perform cyber security audits to ensure the implementation of information security.

Allocation of Resources for Information Security Management

Corresponding Information Security Management Matters:

Key Issue: "Information Security Management" is identified as one of the "Key Issues" in the Company's 2023 ESG Report.
Dedicated Organization: The "Information Department," tasked with information security, appoints an "Information Security Manager" and an "Information Security Officer" to develop and revise information security policies, as well as to plan, coordinate, and implement information security measures.
Stakeholder Issues: There were no significant information security incidents or breaches of confidential data occurred in 2022 and 2023, which resulted in no losses to the Company or the clients.

Resource Allocation Plan for Information Security Management:

Annual payment of fees for timely updating antivirus software on all computers to prevent hacker intrusions.
Conduct system data recovery tests at least once a year.
Perform daily system data backups.
Information Security Act
Network Security Management
Set Up a Firewall
To install antivirus software and scan the computers regularly for viruses
The use of various network services should be implemented in accordance with the company's network use regulations
Recovery strain mechanism
Develop a system recovery plan
Establish a system backup mechanism and implement off-site backup policies
Regularly conduct system recovery operations every year
System Security Management
Each user has their own account and password, and the account is updated immediately when logging out or switching accounts
To give different access rights according to the user's job requirements
Remote access to the management information system needs to be approved by the appropriate authority
Remove or wipe confidential, sensitive data and copyrighted software before the device is retired
Information security promotion
Require regular password changes to maintain account security
Promote information security precautions from time to time to improve employees' awareness of information security
Recovery and Response Mechanisms
  • Proposed system recovery plan
  • Establish system backup mechanisms
  • Regular drills
Network Security Management
  • Set up firewalls
  • Install anti-virus software
  • Network use specifications
System Security Management
  • Individual user accounts
  • Designated access rights according to job responsibilities
  • Remote login access management
  • Proper data deletion process
Information Security Promotion
  • Change user passwords regularly
  • Irregular information security awareness promotion