德英生物科技
Inquiry Cart

Information and communication security management

Information Security Management Policy

Item Description
Policy 1. Robust information security protection can effectively prevent hacking and data leakage, and ensure the stability of the Company’s operations. Proper information security measures also provide comprehensive protection.
2. They protect the Company’s assets, further enhance customer trust, maintain corporate image, and serve as the cornerstone of sustainable business operations.
Commitment 1. The Company will continuously strengthen information security protection to safeguard the interests of all stakeholders and ensure the security of Company assets and customer data.
2. To maintain business operations and customer trust, the Company is committed to implementing information security measures to prevent various information security threats.
Short-term Goal 1. Zero major information security incidents each year (to monitor whether any confidential information has been leaked).
Medium- to Long-term Goals 1. Continuous optimization: continuously update information security technologies and comply with regulations to keep systems and processes up to date.
2. Information security culture: embed security awareness into corporate culture and cultivate a proactive defense mindset among employees (awareness promotion).
Resources Invested / Concrete Outcomes Resources invested:
1. Hardware: firewall / backup equipment maintenance
2. Software tools: email filtering / antivirus software maintenance
3. Human resources: audit personnel
4. Training: employee information security education
Concrete outcomes:
1. No major deficiencies were identified in the Company’s internal control audit in 2024.
2. Regular antivirus / firewall activities in 2024.
3. Email blocking activities in 2024.

※ On mobile devices, you can swipe horizontally to view all table columns; on desktop, the full width is displayed without truncation.

In order to ensure that the Company’s information security management system is fully implemented, operates effectively, is properly supervised and continuously improved, and to protect the confidentiality, integrity, and availability of the Company’s critical information systems, this Information and Communications Security Management Policy is hereby promulgated.

This Policy is intended to provide employees with clear guidelines in their daily work. All employees are obliged to actively participate in promoting information and communications security management so as to ensure the secure operation of the Company’s personnel, data, information systems, equipment, and networks. The Company expects all employees to understand, implement, and maintain these requirements to achieve the goal of continuous information operations.

(1) Implement information and communications security and enhance service quality:
All employees shall fully implement information security management. All information-related operational measures must ensure the confidentiality, integrity, and availability of business data and protect it from external threats or risks arising from improper internal management. Appropriate protection measures shall be selected, and information security management systems shall be continuously monitored, reviewed, and audited to enhance service quality and standards.

(2) Strengthen information security training and ensure business continuity:
The Company supervises all employees in implementing information and communications security management and conducts appropriate training every year to establish the concept that “information and communications security is everyone’s responsibility.” This helps employees recognize its importance, comply with regulations, and enhance their response capabilities to reduce information security risks.

(3) Establish emergency response and rapid disaster recovery:
The Company formulates emergency response and disaster recovery plans for critical information assets and key operations and conducts regular drills to ensure that systems can be quickly restored in the event of system failures or disasters, thereby maintaining operations and reducing losses.

(4) Conduct regular audits and manage effectiveness:
The Company conducts internal audits annually to ensure the effectiveness of information security and personal data protection management. Hardware and system software maintenance, information security inspections, and personal data protection management are included as yearly audit items (at least once a year), and the results are reported to the Board of Directors along with the issuance of the Statement on Internal Control System.

No major information and communications security incidents occurred in the most recent year that resulted in losses, potential impacts, or required specific response measures.