Information security protection

1. Information Security Risk Management Framework

The company has dedicated personnel responsible for monitoring information security, keeping track of developments in computer and network technologies to effectively identify potential risks. Through regular review and evaluation of information management control cycles, the company ensures their adequacy and effectiveness. Legal network security software is also deployed to enhance protection and response capabilities.

2. Information Security Policies

(1) Network Security Management

(2) System Access Control

(3) Virus Protection and Management

(4) Ensuring System Availability

(5) Computer Equipment Security Management

3. Specific Management Measures and Resources Invested in Information Security

(1) The company’s audit unit includes information security control operations in its annual audit plan and conducts at least one audit per year. The dedicated unit also carries out internal control self-checks annually.

(2) To enhance employees’ information security awareness, the company continuously organizes security awareness courses and social engineering phishing drills, aiming to reduce human-related information security risks.