Strengthen Cybersecurity, Ensure Operational Safety

Information Security Policy

To maintain the smooth operation of information systems, services, and network conditions, reduce risks of human error, intentional acts or natural disasters, prevent unauthorized access, use, control, disclosure, destruction, tampering, deletion or other infringement, and ensure the confidentiality, integrity, and availability of information assets, we have established the following information security policy:

  1. Develop information security management regulations in accordance with government laws and regulations (such as the Information Security Management Act and related bylaws).
  2. Pay attention to information security developments, identify changes in internal and external issues, stakeholder needs and expectations, analyze risks, formulate response strategies, and take measures to reduce their impact on operations.
  3. Establish an information security organizational structure, assign roles and responsibilities to promote protective work and fulfill management responsibilities.
  4. Implement information security education and training to ensure employees are aware of their information security responsibilities and enhance protective awareness.
  5. Regularly inventory information assets and use risk assessment mechanisms to effectively control impact items.
  6. Strengthen entity and equipment protection, perform regular maintenance to maintain normal operations.
  7. Establish network transmission rules to protect sensitive documented information and prevent unauthorized access and tampering.
  8. Conduct information security audits to review and identify issues, propose countermeasures, and take corrective actions.
  9. Implement and regularly practice emergency response plans to prepare for unexpected events and quickly restore operations.
  10. Outsourced vendors and personnel must sign confidentiality agreements before executing information-related operations.
  11. The information security policy should be regularly evaluated to reflect the latest status of information security management, laws, technology, and operations, and to ensure the feasibility and effectiveness of information security practices.