(1) Information Security Policy
In accordance with the “Corporate Governance Best Practice Principles” published by the Market Observation Post System (MOPS), this policy is established to reduce risks associated with information application. It aims to ensure the security of the company’s software, equipment, and internet access. The policy serves as a guideline for all employees to follow in order to maintain information security.

To prevent the company’s information systems from being misused or maliciously attacked by internal or external individuals—and to enable a prompt response and recovery in the event of such incidents—the company has formulated this policy to minimize operational disruption and damage. It applies to all employees. New hires are required to receive information security awareness training to strengthen their understanding and vigilance regarding cybersecurity.


(2) Information Security Management Framework

  1. The IT Department (9 staff members) is responsible for coordinating information security and establishing management control procedures, while the Audit Office conducts regular internal audits.

  2. Proactively defend against internal and external cyberattacks.

  3. Prevent production losses caused by power outages, viruses, or equipment failures.

  4. Hold at least one discussion meeting per quarter.


(3) Specific Management Measures

  1. Account and Password Management: All employee computer and system account applications are strictly controlled and must be approved by supervisors. Account permissions are revoked immediately upon resignation. Passwords must be updated every 3 months to enhance security.

  2. Network Security Management: Network devices are managed by designated personnel who monitor network conditions at all times. External networks are protected by firewalls to guard against intrusion and attacks. Antivirus software is installed on all computers.

  3. USB Device Control: To reduce the risk of malware infection through software use, USB access is restricted through software-based management to prevent unauthorized use.

  4. Network Access Control: Internal network services and data access are protected. For remote access, strict identity authentication procedures are enforced, with firewall protection in place.

  5. Uninterruptible Power Supply (UPS): Critical network hardware is equipped with UPS to prevent unexpected shutdowns.

  6. Server Room Access Control: Host systems, storage, and network devices are placed in a secure server room with access control to manage entry and exit.

  7. Backup and Disaster Recovery: ERP system databases are backed up daily. Annual disaster recovery drills are conducted, and offsite backups are maintained to ensure quick restoration in the event of a disaster and to maintain normal operations.

  8. External Audits: Deloitte & Touche conducts annual reviews of the company's IT operations and information security practices.


(4) Resources Invested in Information and Communication Security Management
All new employees are required to complete an information security awareness video training program.


(5) Information Security Risks and Mitigation Measures
Although the company has implemented cybersecurity measures for its networks and computer systems, it cannot fully guarantee immunity from malicious attacks such as computer viruses or ransomware that may infiltrate the network and disrupt operations. To reduce the risk of such attacks, the company has strengthened its network firewalls and access controls to prevent virus spread.


(6) Major Information Security Incidents
None reported.
