「Implement information security protection and ensure operational safety」

Information Security Policy

In order to maintain the smooth operation of information communication systems, information services and network status, reduce risks such as human negligence, intentional or natural disasters, and prevent unauthorized access, use, control, leakage, destruction, tampering, destruction or For other infringements, ensure the confidentiality (Confidentiality), integrity (Integrity) and availability (Availability) of information assets and formulate specific information security policies.

1)    Formulate various information security management regulations and handle them with reference to government laws and regulations (such as: Information Security Management Act and related sub-laws, Executive Yuan, etc.)

2)   Pay attention to the development situation of information security, identify changes in internal and external issues and the interaction between the needs and expectations of stakeholders, analyze risks, formulate countermeasures and take measures to reduce their impact on operations.

3)   Establish an information security organization system and assign duties, powers and responsibilities; promote protection work and fulfill management responsibilities.

4)   Implement information security education and training to ensure employees understand information security responsibilities to enhance protection awareness.

5)   Regularly inventory information assets, use risk assessment mechanisms, and effectively manage and control impact projects.

6)   Strengthen physical, environmental and equipment protection, perform regular maintenance and upkeep, and maintain normal operations.

7)   Establish network transmission rules to protect sensitive documented information from unauthorized access and tampering.

8)   Implement information security audits, examine and discover problems, propose countermeasures and take corrective measures.

9)   Through emergency response plans and regular drills, we can prepare for emergencies and quickly resume operations.

10)    Those actually engaged in information communication-related operations (employees, outsourced vendors and personnel) must sign a confidentiality agreement before they can perform information-related operations

11)   Information security policies should be evaluated regularly to reflect the latest status of information security management, laws, technology and operations, and to ensure the feasibility and effectiveness of information security practices.