Governance

Information Security

Information Security Policy

  • Protect the information system from unauthorized access.
  • Prevent unapproved revisions in order to protect information integrity.
  • Ensure authorized users can access information securely and reliably.
  • Ensure that procedures comply with legal requirements and that their validity continues to be checked.

Information Security Targets

  • Ensure the continuity, stability, and security of information services.
  • Ensure the integrity, accuracy, and security of information assets.

Concrete Management Plan

Information Usage Security

  • Network and device security:
    1. Implement device control by introducing an email security system, an intrusion detection and prevention system, a ransomware protection system, and an endpoint protection system.
    2. Continue to run social engineering drills and improve employee security awareness in device use.
  • Access security for apps:
    1. Establish security policies on access behavior to be applied across the company's devices, and strengthen the information security setup to ensure that program access is authorized and secure.
    2. Gradually replace login technologies, applications, and systems that offer a low level of security.

Authorization of Access Security

  • Accounts and permission management
    1. Build a single log-in authentication mechanism and integrate the management platforms.
    2. Evaluate the introduction of a multi-factor authentication (MFA) system.
  • Information security monitoring and maintenance
    1. Build a monitoring and alerting system for network and system reliability.
    2. Continue to monitor alerts for unauthorized and abnormal access.
    3. Continue to track information on security vulnerabilities and protections so that updates can be applied immediately or protective countermeasures taken.
    4. Introduce an information security vulnerability scanning system, conduct regular monitoring, and remediate system vulnerabilities as they occur.
  • Personnel and physical security
    1. Continue to use and immediately update the personal identification system to strictly control and prevent personnel and visitors from moving from the security office to the core confidential area.

Information Asset Protection

  • Information security
    1. Sensitive company data shall be stored in a secure area that personnel may enter and exit only after identity verification.
    2. Centralized storage for every department's data shall be placed in the engine room, and access permission is granted based on job level.
    3. Sign confidentiality agreements with external vendors to protect company business secrets against leaks.
    4. A dual mechanism, combining an instant backup system with the 3-2-1 backup principle, ensures data retention.
  • Enhancing information
    1. Introduce digital version management for corporate documents to establish document security and protect corporate business secrets.