Information Security Policy

In view of the increasing popularity of computer and network applications in recent years, and to ensure the security of the Company and its information security-related data, information systems, equipment and networks, the Company has established the Information Security Policy. The top executive of the information department serves as the convener, reviewing the information security governance policies of each subsidiary and overseeing their operations. The Policy serves as the guideline for the Company's information security management, covering the division of organizational authority and responsibility, personnel training, computer hardware and software, and network and physical environment management. Additionally, the top executive reports regularly to the Board of Directors on the implementation of information security risk management.

 

 

2024 Information Security Operations

| Operation item | Description |
| --- | --- |
| Information Security Advocacy | In 2024, a total of 12 information security promotions will be carried out. |
| Disaster Recovery Plan | 1. In 2024, the Disaster Recovery Plan and internal audit are carried out a total of 2 times. 2. Data backup and off-site backup are performed each quarter. |
| Information Security Training | In 2024, on-the-job information security education and training totals 439. The main contents include: data leakage prevention; phishing techniques; response methods; trade secret protection. Social engineering drill on employees' e-mail security in the enterprise. New employee education and training: 100% completion rate (new recruits in 2024). |
| Information security check by external professional organization | A total of 2 checks will be arranged in 2024, including a vulnerability scan. |
| ISO 27001:2022 Certification | Obtain ISO/IEC 27001 certification in 2024/12. |
| Information security policy | 1. Control Internet behavior through VPN policies. 2. Deploy the endpoint protection system (XDR) solution on main servers and laptops. 3. Deploy a WAF (Web Application Firewall) to protect the Company's official website. |
| Information Security Awareness Training | The total number of education hours will reach 214 in 2024. |
| Information security audit | The audit office has conducted annual audits and prepared audit reports. |
| Internal control and information security controls | 1. ISO 27001 information security laws and regulations, including a total of 39 documents (including 58 application forms). 2. Establish personal data protection and computer information management and control operations. |

Note: The Company obtained ISO 27001:2022 certification in December 2024.

 

 

 
