information Security Management Policy
Information Security Management Policy
To ensure the smooth operation of our company’s business and to protect information and information systems from unauthorized access, use, control, disclosure, destruction, alteration, or other forms of compromise, we have established this policy. Its purpose is to safeguard the confidentiality, integrity, and availability of our information assets. All employees are expected to comply with this policy. Furthermore, we are committed to continuously improving our Information Security Management System (ISMS) based on the results of annual management reviews, in alignment with ISO 27001 security standards and the principle of continual improvement.
The company’s information security objectives are as follows:
1. Establish a robust information security risk management mechanism. This mechanism should be regularly reviewed and updated to address changes in internal and external information security conditions and to ensure its continued effectiveness.
2. Protect the confidentiality and integrity of sensitive information and IT systems provided by the company, and prevent unauthorized access or tampering.
3. Regularly and proactively communicate (via written communication, emails, on-site training, or other formats) the importance of the information security system to department heads, all board members including independent directors, and senior management. Additionally, raise awareness of the resilience of the company’s core information security systems. Personnel across all departments are expected to cooperate with relevant controls and procedures to ensure business continuity and contribute to sustainable development.
4. Conduct information security training to raise employees’ awareness of cybersecurity threats. All employees are required to actively participate in these training sessions.
5. In preparation for potential emergency situations, the company shall establish a core information system recovery plan to ensure the continued operation of critical business functions during force majeure events.
