To ensure that the Company’s Information and Communication Security Management System is thoroughly implemented, operates effectively, is properly supervised and managed, and continuously improved, and to safeguard the confidentiality, integrity, and availability of the Company’s critical information systems, this Information and Communication Security Management Policy is hereby established.
This policy is intended to provide clear guidance for employees in their daily work. All employees are obligated to actively participate in and promote the Information and Communication Security Management Policy to ensure the secure and stable operation of all Company personnel, data, information systems, equipment, and networks. It is expected that all employees understand, implement, and maintain this policy to achieve the goal of continuous information operations.
“Implement Information and Communication Security and Enhance Service Quality”
“Strengthen Information Security Training to Ensure Business Continuity”
“Establish Effective Emergency Response and Rapid Disaster Recovery”
Implement Information and Communication Security and Enhance Service Quality
All employees shall thoroughly implement information security management. All information-related operational measures must ensure the confidentiality, integrity, and availability of business data, and prevent risks such as information leakage, damage, or loss caused by external threats or improper internal management. Appropriate protective measures shall be selected to reduce risks to an acceptable level, and continuous monitoring, review, and auditing of the information security management system shall be conducted to enhance service quality and improve service standards.
Strengthen Information Security Training to Ensure Business Continuity
All employees shall be supervised to implement information and communication security management. Appropriate information and communication security education and training shall be conducted annually to establish the concept that “information and communication security is everyone’s responsibility.” This will help employees understand the importance of information and communication security, comply with related regulations, enhance security awareness and emergency response capabilities, reduce information and communication security risks, and achieve the goal of continuous operations.
Establish Effective Emergency Response and Rapid Disaster Recovery
Emergency response plans and disaster recovery plans for critical information assets and key business operations shall be established, and emergency response procedures shall be regularly tested through drills. This ensures that, in the event of information system failure or major disaster incidents, systems can be restored rapidly, critical business operations can continue, and losses can be minimized.
This Information and Communication Security Policy shall be implemented upon approval by the General Manager. The same procedure shall apply to any revisions.
This Information and Communication Security Policy was established on the 21st day of the 2nd month of the 111th year of the Republic of China.