Home - Corporate ESG - Corporate Governance - Information Security
Information Security
Information Security Structure

The Company’s information department is responsible for coordinating and implementing cyber security policies, publicizing information security information, and enhancing employees’ cyber security awareness. The audit office conducts cyber security audits on the internal control system every year to evaluate the effectiveness of the internal control of the company’s cyber operations.

Information Security Policy

To establish the company’s cyber security system management principles to enhance the security of cyber operations.

To ensure the confidentiality and integrity of the information.
To ensure that appropriate data access is extracted according to the authority of the department to avoid accidental leaks of data.
To ensure the continuous operation of the information system and avoid improper human or accidental damage.
Maintain the security of the physical information environment.
Regularly perform cyber security audits to ensure the implementation of information security.


Allocation of Resources for Information Security Management

Corresponding Information Security Management Matters:

Key Issue: "Information Security Management" is identified as one of the "Key Issues" in the Company's 2023 ESG Report.
Dedicated Organization: The "Information Department," tasked with information security, appoints an "Information Security Manager" and an "Information Security Officer" to develop and revise information security policies, as well as to plan, coordinate, and implement information security measures.
Stakeholder Issues: There were no significant information security incidents or breaches of confidential data occurred in 2022 and 2023, which resulted in no losses to the Company or the clients.


Resource Allocation Plan for Information Security Management:

Annual payment of fees for timely updating antivirus software on all computers to prevent hacker intrusions.
Conduct system data recovery tests at least once a year.
Perform daily system data backups.
Information Security Act
Network Security Management
Set Up a Firewall
To install antivirus software and scan the computers regularly for viruses
The use of various network services should be implemented in accordance with the company's network use regulations
Recovery strain mechanism
Develop a system recovery plan
Establish a system backup mechanism and implement off-site backup policies
Regularly conduct system recovery operations every year
System Security Management
Each user has their own account and password, and the account is updated immediately when logging out or switching accounts
To give different access rights according to the user's job requirements
Remote access to the management information system needs to be approved by the appropriate authority
Remove or wipe confidential, sensitive data and copyrighted software before the device is retired
Information security promotion
Require regular password changes to maintain account security
Promote information security precautions from time to time to improve employees' awareness of information security
Recovery and Response Mechanisms
  • Proposed system recovery plan
  • Establish system backup mechanisms
  • Regular drills
Network Security Management
  • Set up firewalls
  • Install anti-virus software
  • Network use specifications
System Security Management
  • Individual user accounts
  • Designated access rights according to job responsibilities
  • Remote login access management
  • Proper data deletion process
Information Security Promotion
  • Change user passwords regularly
  • Irregular information security awareness promotion
【重要聲明】敬請投資人慎防冒名之投資詐騙

請注意!有Line群組冒用本公司名義散佈並招攬投資資訊,並佯稱成員係本公司員工,或藉以招攬加入群組,進行投資行為…等。

本公司鄭重澄清,本公司名義係遭人冒用,本公司及全體子公司均未於Line、FB、Telegram或其他通訊軟體設立群組以散佈投資訊息或招攬投資。 

請投資大眾注意,切勿受騙,並勿將群組不實內容轉載散播,以免權益受損!