ESG

Information Security Organizational Structure

Our company has established a dedicated Information Security Team responsible for managing information security and personal data incident crises. The system architecture under the jurisdiction of the Information Security Team comprises four main components: Network Security, Computer Security, Physical Security, and the Information Security Monitoring Platform. The responsibilities of the Information Security Team include formulating relevant policies and procedures, building and maintaining systems, regularly testing systems, conducting education and training sessions, and handling information security incidents.

System Architecture Composition

Information Security Management Policies and Measures

Five Major Information and Communication Security Policies

1. Ensure the security of company data, systems, equipment, and network communications to block external intrusions and disruptions.
2. Ensure that access rights to system information accounts and system changes are authorized through the company’s established procedures.
3. Implement destruction procedures to prevent accidental data exposure and leakage from discarded computer storage media.
4. Monitor the security status and activity records of information systems to effectively manage and address information security incidents.
5. Maintain the availability and integrity of data and systems to ensure normal operations can be resumed in the event of a disaster or damage.

Developing Specific Management Plans and Allocating Resources

Our company regularly reviews internal information security standards and builds a risk management framework for information security. When planning the promotion of information security and allocating related resources, we consider information security policies and objectives to provide the necessary resources for establishing, implementing, maintaining, and continuously improving the information security maintenance plan.

Information Security Management Measures