In light of the widespread use of computers and the Internet in recent years, this policy is established to ensure the security of the company's data, information systems, equipment, and the Internet. This serves as the basis for all employees regarding information security.
The company has established an Information Security Task Force to coordinate, plan, audit, and promote information security management matters.
The task force consists of all personnel from the Management Department, including the Manager, IT Specialist, Documentation Specialist, General Affairs Specialist, and HR Specialist.
The IT Specialist is responsible for discussing, establishing, and evaluating information security policies, plans, and technical specifications. The IT department operates independently of user departments.
The entire Management Department is responsible for information confidentiality maintenance and security audits.
To ensure the accuracy of information processing, the reliability of equipment (including computer hardware, software, and peripherals) and network systems, and to protect resources from interference, destruction, intrusion, or any adverse actions, appropriate system planning, procedural norms, and administrative management are coordinated to prevent internal and external threats and maintain system security.
Personnel security management, responsibility, and education training.
Computer system security management.
Network security management.
System access control.
Education and training.
Security management of system development and maintenance.
Security management of information assets.
Physical and environmental security management.
Business continuity planning and management.
Network hardware equipment such as firewalls, email antivirus, and spam filtering.
Software systems like endpoint protection and VPN authentication.
Telecommunication services such as backup lines and UTM intrusion prevention.
Human resources for daily system checks, weekly backups, security awareness, annual disaster recovery drills, internal audits, and CPA audits.
Information security personnel: Establish an Information Security Task Force responsible for security architecture design, maintenance, monitoring, incident response, policy review, and annual reporting to the Board of Directors.
No major incidents causing business damage have occurred.
Information security policies and related regulations are regularly reviewed and evaluated to reflect government laws.
Information personnel continue to receive security training to ensure the latest technical and business developments.
Through the continuous improvement, updating, and implementation of security policies, the company effectively reduces the probability and impact of various information threats, achieving risk control. Overall, the information risk is low, with minimal impact on finance and operations. The company will continue to improve and cooperate with TWCERT/CC, referring to international standards to establish security KPIs and enhance security measures.
