Information Security Organization and Operation

The Company formulated proper and appropriate information security documentation and control measures to cover related management links. The Information Department is responsible for information security and risk management. It designs an information management system and provides instant decision support system and management information in accordance with the company's business policy and mode of operation. It covers policy, organization, personnel, network security, operation management, access control, information system development and maintenance, information security incident, etc.

Information Security Policy

The company’s information security risk management framework are three levels of personnel, internal and external.

  • Personnel:Information security policy, training, licensing control.
  • Internal:Network control, antivirus, data protection.
  • External:Firewall Intrusion Prevention System.

The company is responsible for the prevention, deal with and post-review of information security incidents.

  • Prevention: Enhance awareness and prevention of information security incidents, build a more secure network environment and strengthen data access security and integrity.
  • Deal with: Real-time processing, control and blocking, data preservation, backup and recovery.
  • Review: Evidence preservation, investigation, review and improvement.

Countermeasures

  • The Information Department conducts annual internal audit to verify the effectiveness of the system, and the audit unit regularly reports the results to the board of Directors.
  • Information security promotion to enhance the concept of protection periodically.
  • The account, password and authority held by the employee should be kept, used and replaced regularly.
  • The network establishes multi-level defense such as firewalls, anti-virus software and other control mechanisms.
  • Important services and data are all backed up and backed up off-site to ensure uninterrupted services and no loss of data.
  • Design appropriate information security response and notification procedures.