Operation of the Information Security Policy
1. Establishment of an Information Security Management System
The Company is committed to protecting all information assets within its possession. In strict compliance with applicable laws, regulations, and relevant administrative guidelines concerning information security, the Company shall establish a robust information security management system to reinforce corporate governance and continuously maintain public trust.
2. Appointment of an Information Security Supervisor
The Company shall appoint an “Information Security Supervisor.” Through this appointment, the Company shall proactively engage in activities to accurately understand the status of information security across the entire organization and promptly implement necessary countermeasures.
3. Development of Internal Information Security Regulations
The Company shall establish internal regulations based on this Information Security Policy, clearly defining protocols for the handling of both Personal Information and all corporate information assets. In addition, the Company shall thoroughly communicate internally and externally that strict measures will be taken against information leakage and related incidents.
4. Enhancement of Audit Systems
The Company shall establish a framework for conducting internal audits to verify compliance with the Information Security Policy, related regulations, and rules. By conducting such audits systematically, the Company will ensure that all officers and employees strictly adhere to this Policy.
5. Implementation of Systems with Thorough Information Security Measures
The Company shall implement systems incorporating comprehensive measures to prevent unauthorized access, leakage, falsification, loss, destruction, and disruption of use of information assets. Such measures include operations within highly secure areas and restricting database access privileges to strictly control data access.
6. Improvement of Information Security Literacy
The Company shall thoroughly provide security education and training to all officers and employees, ensuring that everyone involved with the Company’s information assets can perform their duties with sufficient information security literacy. Furthermore, the Company shall conduct ongoing training to effectively adapt to a constantly changing security environment.
7. Strengthening Management of Outsourcing Contractors
When entering into outsourcing agreements, the Company shall thoroughly evaluate the qualifications of contractors and require them to maintain security standards equal to or higher than those of the Company. In addition, the Company shall continuously review contractors and strengthen contractual provisions to ensure these security standards are appropriately maintained.
8. Scope of the Information Security Policy
The “information assets” covered by this Policy refer to all information obtained or learned through the Company’s business activities, as well as all information held by the Company in the course of its operations. This Policy applies to and must be complied with by all the Company’s officers, employees, dispatched personnel, and other individuals involved in the handling and management of such information assets, as well as outsourcing contractors and their employees who handle the Company’s information assets.
9. Establishment and Revision Date
Established on May 21, 2025