Currently, information security-related affairs are managed by personnel from the Management Department and the IT Department.
1. Regularly inventory information assets and personal data; conduct risk management based on information security and personal data risk assessments, and implement various control measures.
2. Periodically conduct information security and personal data protection training and awareness programs. All new employees are required to sign an information security confidentiality agreement.
3. Outsourced contractors must sign confidentiality agreements to ensure that those using information services or performing related tasks have the responsibility and obligation to protect company information assets from unauthorized access, modification, destruction, or improper disclosure.
4. Appropriate backup and redundancy mechanisms have been established for critical information systems or equipment to maintain their availability.
5. Antivirus software is installed on all personal computers with regular virus definition updates; the use of unauthorized software is strictly prohibited.
6. Regularly review employee accounts and permissions, and require employees to change their passwords periodically.
7. Conduct annual internal audits to ensure the effectiveness of the information security and personal data protection management systems.
The Company includes information security and personal data protection checks as annual audit items. The internal audit unit performs at least one audit per year. Furthermore, the Company conducts self-assessments of the internal control system annually, reports the implementation effectiveness to the Board of Directors for review, and issues an Internal Control System Statement based on the evaluation results.
