Infosecurity Policy
Information Security Management Policy Statement
1. Establish appropriate organizations to maintain the normal operation of the information security management system.
2. Develop a mechanism for monitoring and controlling information assets. All personnel (including regular employees or outsourced personnel, such as on-site vendors, part-time employees, and consultants) have the responsibility and obligation to protect the relevant information assets of their respective business areas, ensuring the confidentiality, accuracy, and availability of Company’s important information assets.
3. Employees' job responsibilities should be clearly defined, and they should be granted only the necessary authority and information needed to complete their tasks.
4. Personnel recruitment should involve necessary evaluations, signing of relevant operational guidelines, and participation in information security training. It is essential for every employee to understand that maintaining and safeguarding information security is their duty and to integrate this into their daily work.
5. Access control and regulations for bringing in and taking out items should be implemented in the office or information security-controlled area.
6. Necessary security measures should be implemented to protect internal and external networks. Important equipment should have appropriate backup or monitoring mechanisms. Employees are prohibited from connecting external networks to the company's internal network without authorization.
7. Antivirus software should be installed on employees' personal computers, virus signatures should be regularly updated, and the use of unauthorized software is prohibited.
8. Employees should take responsibility for the safety and use of their personal account, password and permissions. Managers should conduct regular reviews and audits.
9. System development should consider the design of security control mechanisms at an early stage. Outsourced system development should strengthen the control of service providers and clearly describe information security requirements in the service contract.
10. Employees should remain vigilant at all times regarding potential security incidents, vulnerabilities or violations of security policies and procedures and report them promptly using established procedures.
11. Establish a mechanism for continuous operational management of the business, conduct regular tests and drills to maintain its applicability.
12. Information security measures should comply with legal requirements and the requirements of the Information Security Policy. The establishment and modification of any information security policy or procedure shall be consistent with and follow the mechanisms of the Information Security Management System.
Chairman & CEO Eddie Chuo
December, 2022