Information Security Risk Management Framework
The company established a Cybersecurity Committee in January 2022, and on February 11, 2025, the board of directors approved the appointment of Deputy General Manager Wei Xuntai as Chief Information Security Officer, who leads the Cybersecurity Committee in coordinating information security and related matters, formulating and implementing internal management procedures, and conducting regular internal information security inspections.
The Cybersecurity Committee convenes a management review meeting annually to review cybersecurity implementation and to revise information security policies and related management procedures.
Information Security Policy
In order to establish a secure and trustworthy information operating environment for the company, maintain business continuity, reduce information operation risks, and protect the rights and interests of information service users, the following information security policy is formulated:
1. Establish an information security management system to maintain the confidentiality, integrity, and availability of the company's information assets.
2. Protect the company's information assets to prevent unauthorized access, modification, and deletion.
3. Ensure that the execution of various information services of the company complies with the regulations and requirements of government authorities, stakeholders, or information and communication security organizations.
Specific management methods
In recent years, our company has actively strengthened its overall information architecture, carrying out multiple information security enhancement projects and formulating corporate information security policies with reference to ISO 27001 and international information security standards. The scope includes the following:
1. Strengthen internal and external network security
(1) Use next-generation firewalls from leading brands for network segmentation and protection.
(2) Use external security monitoring systems to watch continuously for vulnerabilities.
(3) Implement an IP/MAC management system to strengthen the monitoring mechanism for external network devices.
(4) Regularly conduct vulnerability scanning and penetration testing, and remediate the findings.
(5) Enable multi-factor authentication for VPN to enhance the security of remote work.
2. Enhance endpoint security
(1) Regular Windows updates.
(2) Implement endpoint control system management.
(3) Deploy well-known antivirus software protection.
(4) Enable MDR threat detection and response services.
3. Data leakage protection
(1) Establish an electronic document encryption mechanism.
(2) USB storage device control.
(3) User permission levels.
(4) Establish VDI architecture.
4. Email security
(1) Block spam, virus, or phishing emails.
(2) Establish an email backup mechanism.
5. Enhance IT infrastructure
(1) Establish a remote data backup mechanism and conduct disaster recovery drills for important systems every six months.
(2) Establish server and network cluster architecture.
6. Enhance employees' information security awareness
(1) Conduct social engineering drills regularly every quarter.
(2) Regularly promote information security policies through the employee portal.
(3) IT personnel hold discussions on information security incidents every month.
Investing resources in information security management
1. Our company is actively strengthening the overall information security framework and is specifically implementing multiple information security enhancement projects, as follows:
(1) Recruit dedicated information technology talents.
(2) Strengthen endpoint protection and evaluate the implementation of network micro-segmentation systems.
(3) Increase the budget allocation to establish a cross-factory high availability architecture.
2. Cybersecurity Committee activities in 2024:
(1) The company established the Cybersecurity Committee on January 17, 2022; it has 14 members in total.
(2) The company has appointed 1 Chief Information Security Officer and 1 dedicated cybersecurity staff member.
(3) In 2024, the Information Security Committee held 1 management review meeting, the cybersecurity team held 26 project meetings, and the cybersecurity audit team held 3 internal audit meetings.
ISO 27001 implementation
The company began implementing ISO 27001 in November 2021 and passed verification in August 2022, with validity from August 17, 2022 to August 16, 2025.
