Information Safety Management



Purposes and Scopes of the Information Safety Management

The information safety management is tosecure the safety and stability of the internet and avoid errors in systems anddamages in digital files, which lead to the suspension of the company operations. The Company has formed the policies and protocols of information safety, which regulate the usage of information systems, internet, PCs, and emails to ensure the safety of the Company.



The Framework of the Information Safety Risk

The Company has established information safety sector in January 2022 and appointed a chief information officer in August, who supervises the information safety manners in the Company and holds cross department meeting periodically to review the performance and coordinate the resources.



The Policies of the Information Safety

  1. Follow the regulation and popularize the awareness of information safety.
  2. Value risk management and ensure information safety.
  3. Require full implementation and pursueongoing improvement.


The Information Safety Control Measures

  1. Build firewalls, IPS, malicious address filters, and APT to prevent from exterior attacks.
  2. Set clearance for internet, emails, and USB drives to prevent confidential the leak of information.
  3. Periodically change the password,activate the complexity of password settings, and enhance ID verification.
  4. Install antivirus software and update the virus codes as well as develop principles of safe access.
  5. Implement SOC, virus alerts, daily system log analysis, and contingency actions to prevent the risk and damage from expansion.
  6. Information equipment requires access control and CCT with the support of uninterruptible power supply systems as well as fire drills to strengthen the safety.
  7. Provide annual information safety training and tests to increase the information safety awareness of employees.
  8. Review information safety polices and regulations annually, pay attention to related issues and development,and make responding plans to ensure the adequateness and effectiveness.


The Information Safety Operation Status

At least once a year report the information risk management operation status to the board and discuss to modify related regulations. The latest date of reporting to the board was May 3rd 2024. The company will introduce an information security management system based on ISO27001 starting in 2024 and plans to obtain third-party certification in the first quarter of 2025.