Information Security Risk Management


Administration Regulations
General principle

1. Purpose

To keep the company's information operations safe and stable, provide reliable information services, ensure the confidentiality, integrity and availability of information assets, and support the smooth conduct of the company's various businesses, the company establishes this information security policy (hereinafter referred to as the "CSC Policy") as its highest guideline for information security management.

2. Scope

The objectives and strategies of the CSC Policy apply to the information security control processes required by the company's operations. In addition to all employees of the company, the policy also applies to personnel of manufacturers and third parties who come into contact with the company's business information or provide services.

3. Goal

  1. Ensure the confidentiality, integrity and availability of the company's business-related information, and protect the company's information security.
  2. Improve information security protection capabilities and achieve the goal of sustainable business operation.

4. Policy

  1. Assess the security needs of information operations, establish relevant procedures, development strategies, management frameworks and standards to ensure the confidentiality, integrity and availability of information assets.
  2. Establish the company's information security organization and division of powers and responsibilities to facilitate the implementation of information security operations.
  3. Formulate the company's criteria for assessing information security incident levels, so that the required tasks can be carried out.
  4. Establish an information security incident notification and response mechanism to ensure that information security incidents are properly responded to, controlled and handled as soon as possible, and to reduce the scope of incident impact and disaster losses.
  5. Regularly enhance employees' information security awareness to reduce human-caused information security disasters.

5. Review and enforcement

The Information Security Committee is responsible for evaluating, formulating and revising this policy, which takes effect after being signed and approved by the Chairman. The policy is reviewed as necessary or when there are major changes in the organization, and is revised according to the review results to ensure its suitability and effectiveness.