

Information Security Management Policy


Information Security Management

 

Information Security Risk Management Framework, Cybersecurity Policy, Specific Management Plans, and Resources Allocated for Cybersecurity Management:

 

  1. Information Security Risk Management Framework
    The Information Security Department is an independent unit directly under the General Manager's Office, responsible for coordinating and executing information security policies, promoting information security awareness, enhancing employee awareness of cybersecurity, and improving the internal cybersecurity management system and its effectiveness. The Audit Department conducts an annual review of the internal control system "Electronic Computer Cycle" to perform information security audits and evaluate the effectiveness of internal controls over information operations.

  2. Cybersecurity Policy
    The company has established internal control systems, including the "Electronic Computer Cycle," "Computer Operations Management Regulations," and "Cybersecurity Control Guidelines." The subsidiary has obtained ISO 27001 international information security certification. All employees work together to achieve the following policy objectives:

(1) Ensure the confidentiality and integrity of important company data.

(2) Ensure continuous normal operation of all systems.

(3) Ensure that data and systems can only be accessed or modified by authorized personnel.

(4) Regularly conduct information security audits to enforce cybersecurity.

  3. Specific Management Plans

(1) Network Control

                a. Set up firewalls

                b. Install antivirus software on all computers and automatically update virus definitions

                c. Regularly scan computer systems and storage devices for viruses and threats

                d. Regularly check network service logs for any abnormal situations

(2) Data Control

                a. Require periodic changes to computer login passwords

                b. Revoke access rights for personnel who leave the company

                c. Destroy or overwrite storage hardware before decommissioning old computers

                d. Users operate according to the data access permissions granted

                e. Encrypt important graphical and text data

(3) Incident Response Mechanism

                a. Regularly practice data and system recovery drills

                b. Implement regular backup procedures with off-site backups

                c. Continuously promote cybersecurity awareness

(4) Resources Allocated for Cybersecurity Management

                a. Allocate an annual cybersecurity budget and ensure its implementation

                b. Establish a dedicated cybersecurity unit, with one dedicated cybersecurity manager and two dedicated staff members, meeting monthly to report cybersecurity status to the General Manager.

                c. Regularly review the cybersecurity policy and submit an annual cybersecurity report to the Board of Directors.

                d. Join Taiwan Computer Emergency Response Team (TWCERT) to receive cybersecurity intelligence, enabling early prevention of various cybersecurity threats.