1. Maintaining the Continuous Operation of Information Systems.
2. Ensuring the Confidentiality, Integrity, and Availability of Information.
3. Preventing Intentional and Unlawful Misuse by Humans.
4. Avoiding Human Errors and Accidents.
5. Preventing Intrusions and Damage from Hackers, Viruses, and Similar Threats.
6. Maintaining Physical Environment Security”.
7. Aligning with national information and communication security policies to enhance information security defenses, achieving proactive business continuity objectives.

The scope of information security management in our company includes:

1. Information Security Organization and Responsibilities.
2. Management of Information Security Documents and Records.
3. Information Asset and Risk Assessment Management.
4. Authorization and Protection Management of Information Equipment.
5. Network and Communication Management.
6. System Development and Maintenance Management.
7. Information Security Incident Management.
8. Information Security Audit Operations.
9. Office Information Operations Management.
10. Permission Management for Application System Usage.

Computer equipment security and data center control management encompass hardware environment control, power supply, cable security, and equipment maintenance.

The disposal of physical information assets and equipment is managed uniformly by the Information Department in accordance with the procurement process and disposal procedures to prevent the leakage of personal information.

Our company strictly prohibits and forbids the use of illegal pirated software. The software used within the company has been authorized by the respective vendors. Without prior consent from the company’s management and the head of the Information Management Department, downloading or installing software is strictly prohibited to avoid any infringement of intellectual property rights, violation of laws, or activation of malicious executables.

To achieve effective security control, personnel entering and exiting must carry identifiable identification cards and use personal fingerprint recognition. Information support or maintenance service personnel are only allowed access when accompanied by Information Management Department personnel or when granted specific authorization. Records of entries and exits should be maintained.

2-4-1. The resources for network security management ：

The Information Department manages the network system to ensure its smooth operation. It installs devices such as firewalls and information security protection to prevent illegal intrusions that could compromise the company’s trade secrets and personal data. Additionally, the internal network and host systems retain complete records of all personnel logging in and out of the system。

2-4-2. Data Security Management：

Access control and data storage security are strictly enforced through password management and regular data and software backups. For critical information, a mechanism of storing data in remote locations is implemented.

2-4-3. Data Encryption Management：

A. To maintain the confidentiality, integrity, and availability of our company’s assets, document files and research development drawings undergo document data encryption management. Additionally, there is control over the usage of USB drives.

B. Any document taken out or provided to suppliers requires a decryption request process. Decryption can only be done with the approval and signature of the General Manager. Graphics files need to be archived by document control personnel before being forwarded by IT personnel via the company’s dedicated email.