Information and communication security
I. Information and Communication Security Risk Management Framework
Our company has established a cybersecurity risk management framework, formulated cybersecurity policies, appointed the head of the administrative department as the cybersecurity manager, and assigned cybersecurity personnel to be responsible for the planning, monitoring, and execution of cybersecurity maintenance operations to ensure the confidentiality, integrity, and availability of our information assets. We also conduct cybersecurity audits periodically, formulate improvement measures for any issues found, and regularly track the progress of these improvements.
II. Cybersecurity Policy
To effectively implement information security management and maintain the confidentiality, integrity, and availability of the company's assets, as well as to protect the privacy of user data, the company's information security policy applies to all employees, outsourced service providers, and visitors.
PDCA (Plan-Do-Check-Act) cycle management ensures that goals are achieved and continuous improvement is achieved.
III. Specific Management Plan
IV. Quantitative Data on Resources Invested in Information Security Management
Professional development for cybersecurity supervisor and cybersecurity personnel (1 person): Complete 6 hours of "Cybersecurity Video Course for Cybersecurity Personnel of Listed Companies" certification in 2024.
Outsourcing maintenance services to professional computer information technology companies costs approximately NT$100,000 per year.
Firewall maintenance, disaster recovery drills and tests, and NAS storage equipment upgrades cost approximately NT$150,000 per year.
The outsourced IT vendors perform monthly maintenance on all of the company's IT equipment, including firewalls, server hosts, network equipment, and personal computers, and provide a checklist after maintenance for our records.
Fully activate the paper document protection settings mechanism for office machines to prevent printed documents from being left unclaimed or accidentally taken in public areas, thereby reducing the risk of leakage of confidential information.
We conduct cybersecurity training courses every year to enhance employees' cybersecurity awareness.