Our company has established "Information Security Management Procedures." The Information Security Committee is responsible for building the information security risk management framework, setting information security policies, and defining specific management plans. The Head of the Information Department serves as the convener of the Information Security Committee, overseeing all information security-related matters. The most recent report to the Board of Directors was on March 13, 2025.


Information Security Policies, Specific Management Plans, and Resources Invested in Information Security Management:
☆Connections between the external network and the company's local area network must pass through server room network equipment and require firewall authorization.
☆There must be at least two external network lines to ensure operations can continue via a backup line if a single line is interrupted.
☆All computers should have antivirus software installed, with virus definitions updated regularly.
☆Users and IT personnel are prohibited from executing files, emails, or software from unknown sources, to prevent infection by viruses or Trojan horse programs.
☆The mail server has antivirus and spam filtering capabilities as a first line of defense.
☆System administrators should regularly check for operating system or software security updates and establish a system update notification platform. Colleagues should update as soon as they receive notifications.
☆Colleagues should store important personal data in two locations for backup purposes: on their company personal computer and in the data storage area on the server host.
☆IT personnel should regularly back up system and database files and copy backup files to an external USB hard drive for proper storage.
☆IT personnel should regularly review firewall, mail server, and system log records and take immediate action if any abnormalities are detected.
☆If IT personnel find accounts that have not been used for a long time, they should first disable them. After investigating the reason, they should either delete or reactivate the accounts.
☆If there is a concern about password leakage, IT personnel should change the password.


2025 Information Security Operations:
◆Continuously replaced old server room equipment to enhance the overall physical security of hardware facilities.
◆Firewalls, mail servers, and core system hosts have all maintained normal operation, with no instances of hacking or Trojan horse intrusions, and no ransomware incidents.
◆Optimized backup strategies for mail servers, approval systems, and file hosts to provide more comprehensive data redundancy.
◆Re-planned the physical network architecture, upgraded firewall software and hardware, and included various information, monitoring, and security hosts within the scope of protection.
◆Upgraded wireless network hardware, introduced enterprise-grade wireless routers, and implemented separate network signals for employees and guests.
◆Ensured effective segregation of internal and external networks through the establishment of a VLAN architecture, reducing the risk of potential threat penetration.
◆Conducted a comprehensive review of all system accounts, revoking permissions for employees who have left the company or whose job duties have changed.