Risk Management

1. Ensure the continuity of the Company's business operations and the stability of the information services provided by the Company.
2. Ensure the confidentiality, integrity and availability of information assets in the Company's custody and to protect the privacy of personnel information.

1. Network information security control

• Establishment of next-generation firewall
  
• Regular virus scanning of computer systems and data storage media
• The use of each network service shall be carried out in accordance with the information security policy.
• Regularly review the System Log of each network service item to track irregularities.
• Occasional vulnerability scans, social engineering exercises, and protection system effectiveness checks

2. Information access control

• Computer equipment should be kept by dedicated people with account and password created.
• Different access rights according to the function.
• Cancellation of original authority for transferred personnel
• Remove or overwrite confidential, sensitive information and copyrighted software before disposing of equipment
• Remote access to the management information system should be properly approved

3. Response and recovery mechanism

• Regular review of emergency response plans
• Regular annual rehearsals for system recovery
• Establish system backup mechanism and implement off-site backup
• Regular review of computer network security controls

4. Promotion and inspection

• Promote information security information at all times to raise employees' awareness of information security
• Regularly perform annual information security inspections and report to the CEO

1. Drill practice for information personnel was conducted on October 16, 2021.
2. We have conducted 5 information security educational trainings this year with a total of 51 people-time and a total of 133 person-hours.