Information Security

Enterprise Information Security Organization

The company has established an Information Security Task Force responsible for policy development, execution, risk management, and compliance auditing. The task force reports regularly to the Board of Directors on information security performance, trends, and technologies. On March 27, 2025, the task force reported the 2024 outcomes and 2025 goals.

Cyber Policy

“To maintain the Company's information security, conduct self-management, and raise information security awareness.”

Cyber Security Risk Management Framework

The Information Security Team collaborates with information security teams from Taiwan and overseas subsidiaries to plan, execute, audit, and take action (PDCA cycle) to enhance information security management. They regularly review and optimize information security policies and protective measures to effectively implement security management.

  • Plan: Establishing cybersecurity policies and management practices.
  • Do: Multi-layered cybersecurity management (hardware, network, devices, access control, cybersecurity monitoring and operations).
  • Check: Continuous cybersecurity monitoring.
  • Action: Improving cybersecurity measures, implementing security tools, and conducting information security training and awareness campaigns.

Specific Management Measures

  • Plan Name: Social Engineering Exercises and Information Security Awareness
    Plan Description: Regular social engineering drills and awareness programs to raise awareness of intrusion and malicious processes
    Execution Results: In 2024, conducted 2 social engineering drills and 5 security awareness sessions, enhancing employees’ information security awareness

  • Plan Name: Establishing Multilayered Cybersecurity Defense Mechanisms
    Plan Description: Deploying endpoint firewalls, intrusion detection, and email filtering systems; key servers equipped with anti-virus software and endpoint protection
    Execution Results: Strengthened security of host systems, networks, and information through deep defense layers, reducing attack risks

  • Plan Name: Vulnerability Scanning and System Updates
    Plan Description: Regular system updates, scanning and patching vulnerabilities on hosts and networks
    Execution Results: In 2024, conducted 2 vulnerability scans and performed monthly system updates and patching to reduce attack risks

  • Plan Name: Information Security Monitoring
    Plan Description: Implemented NDR to monitor and analyze network traffic, and MDR to detect endpoint threats
    Execution Results: Information security personnel immediately detected abnormal behavior or attacks and responded quickly to prevent spread

  • Plan Name: Disaster Recovery Drills
    Plan Description: Regular execution of backup recovery drills
    Execution Results: Completed 2 disaster recovery drills in 2024

  • Plan Name: Training and Education
    Plan Description: Technical training for information security managers and personnel
    Execution Results: Completed 24 hours of information security management system training

Short-Term Information Security Goals

Continue to enhance phishing/social engineering drills and security awareness campaigns, deploy next-generation intrusion detection and prevention systems, strengthen vulnerability scanning and patching, and conduct regular disaster recovery drills for core systems.
There were no major information security incidents affecting operations in 2024.

Information and Communication Security Risks and Countermeasures:

  1. Risk Challenges: Cybersecurity threats are diverse and rapidly evolving, making them difficult to fully prevent and potentially causing system interruptions and reputational damage.
  2. Current Mitigation Measures: Integrated with the TWCERT/CC cybersecurity platform, implemented IPS/MDR/NDR systems, and regularly conducted awareness training and disaster recovery drills to strengthen protection.
  3. Future Enhancement Direction: Continue optimizing defense architecture, expanding professional personnel, and conducting internal certification training to comprehensively improve information security management efficiency.

Significant Information Security Incident:

Zero significant information security incidents in 2024.