Close
Cart is empty
Information Security Management Policy
The information security policy, as approved by the Board of Directors, ensures the security and durability of the Group's information system, eliminates any possible information security incidents, maintains the confidentiality, integrity, and availability of information, and establishes a correct concept of information security for employees to maintain the Group's sustainable operations. In the future, we will continue to follow this policy and gradually improve the Company's information security-related regulations and measures, in order to build an effective information security defense network as our vision for information security, customer privacy and confidential information protection. This set the basis for customers’ willingness to establish collaboration with the Company for many years. Therefore, the Group is committed to protecting customer information security to protect customers' rights and interests, and regards this as the Company's most important information security management goal. The goal is to establish long-term mutual trust and cooperation with customers, while ensuring the protection of company confidential documents to prevent information leakage.
.jpg "Information Security")
Information Security Management and Control Measures
- Data access control
To protect the company's information system and data security, appropriate management measures are established for security control, personnel access control, environmental maintenance (such as temperature and humidity control), and physical monitoring in server rooms and key areas. - Anti-virus software management
Anti-virus software is installed on all internal computers and server hosts, and is set to automatically update and download anti-virus software to maintain company data and property.
Access rights and data encryption measures are set for important or confidential files to prevent document leakage and hacker intrusion. Set access rights and record retention for external USB files and files for management according to the budget allocation. - Backup management
Perform daily tape and off-site backup, and will gradually implement more complete off-site backup (such as cloud backup) to ensure that important data is properly preserved. In 2024, it is expected to establish system backup for important machines, configure internal firewalls, email external reminder function to facilitate employee identification. Quarantine spam or cyber-attack emails, as well as forged emails, will continue to be implemented through annual software updates. - Software and hardware maintenance
Software and hardware maintenance is outsourced as needed, and employees are prohibited from installing or removing any software and hardware, and will be held responsible for any damage or loss. - Internal information security disaster drills
To ensure the safety of information operation system, equipment, network and data, the Company conducts systemized disaster drills every six months, mainly to test the recovery of the host system. The Company has also established a disaster recovery contingency procedure, with the President as the convener and the head of the IT Department and Department colleagues as the team members, to respond to the notification and contingency handling of major incidents to ensure that the Company's servers can resume normal operations within the shortest possible time in the event of a disaster. In 2023, the success rate of systematic disaster drills was 100% (one in each of the first and second half of the year), and the Company did not have any information security incidents. - Information Security Enhancement Planning
The Information Security Office will periodically send email notifications regarding recent and frequent information security events, along with relevant news content, to enhance employee information security awareness. - Information Security Management
Formulate and disclose the information security policy and specific management plan: Information Security Operation Management Regulations; and joined the joint defense organization in November 2023.