The information security responsibilities of the company lie with the Information Management Department, which has a dedicated information security supervisor and personnel responsible for formulating the company’s information security policy. They work to establish a secure and reliable operational environment, ensuring the security of data, systems, and network environments. The department also regularly reviews the company’s information security management framework and policies to ensure they are appropriate and reports the findings to the general manager.
The audit department is responsible for overseeing information security compliance, auditing the company’s information security regulations, and regularly reviewing whether these security measures are effectively implemented in order to reduce risks and damages related to information security.
Information Security Policy
- Access to the company’s system resources requires logging in with a username and password, with specific settings for password length, password history, maximum password expiration, and login failure lock mechanisms. Users can only operate within authorized areas to maintain system security and control.
- Users are allowed to change their passwords at any time, and the Information Management Department regularly promotes password updates and information security policies and regulations.
- Network services are used in accordance with the information security policy, and permissions are assigned according to the role and needs of each department.
- The configuration of firewalls and mail gateways is regularly reviewed and enhanced to ensure the security of the company’s network environment and email transmissions.
- Operating systems, network environments, and emails are automatically monitored and scanned for viruses.
- Antivirus software is regularly updated, and the virus definitions are kept up-to-date.
- System data backups are automatically performed daily.
- External backup media for critical backups are additionally stored in a vault at a reputable public or private bank, and these media must be updated at least weekly.
- Data for important systems is backed up off-site, with a disaster recovery mechanism in place, and stored in the IDC data centers of companies providing disaster recovery services.
- Information security supervisors and personnel undergo relevant training.
- The company joins information security intelligence-sharing organizations to receive alerts on security threats and vulnerabilities.
Specific Management Plan
- The company has joined TWCERT Cybersecurity Alliance and shares cybersecurity intelligence via the TWISAC platform to maintain information security.
- Without permission from the IT staff, employees are not allowed to move or disassemble peripheral equipment or modify computer system settings.
- The server room is equipped with independent air conditioning, backup air conditioning, fire safety equipment, surveillance cameras, access control, and an uninterruptible power supply (UPS). Regular maintenance ensures that these systems operate securely. Access to the server room requires the presence of IT staff and the completion of the access control log.
- When vendors perform software or hardware maintenance, they must be accompanied and supervised by IT staff.
- No software, whether licensed or unlicensed, may be installed on company computers without verification by the IT department. The company has established a software inventory system to monitor software usage.
- Public software and documents are stored securely in the Information Management Department.
- All personal computers and servers used internally are equipped with antivirus software, which detects viruses in external storage devices and defends against vulnerabilities. Antivirus software is automatically updated with the latest virus definitions. The company also uses anti-spam protection equipment, and emails sent or received through the company’s email server are scanned for viruses before transmission. Sensitive emails are encrypted before being sent.
- The company’s network is monitored 24/7 to detect and block unauthorized access, and defense mechanisms are adjusted as needed.
- Emergency Response and Disaster Recovery Management: To address system failures due to unexpected incidents, the company has established a disaster recovery plan. Emergency response and recovery procedures are regularly tested, with tests recorded and analyzed for improvements to minimize the impact of disasters on the company’s information operations.
Resources Invested in Information Security Management
- An annual information security budget is allocated to maintain and enhance cybersecurity defenses, such as renewing software and hardware maintenance contracts and upgrading server room equipment. In 2024, approximately NT$1,145,000 was invested.
- The company has designated two cybersecurity personnel, including one information security manager and one dedicated cybersecurity staff member.
- This year, the manager and staff have held six discussions related to information security.