
Information Security

Policies, Organization, and Targets

HIWIN has established and published the “Information Security Objectives and Policies” as the guiding principles for information security governance, planning, and implementation to protect the information security of customers, suppliers, and employees and ensure uninterrupted business operations. Protecting and managing information security from the perspective of corporate governance can ensure the confidentiality, integrity, and availability of the IT assets. By doing so, we fulfill the requirements of laws and stakeholders regarding responses to and handling of information security issues.

HIWIN has established the Information Security Management Committee as the designated governing body, chaired by a Director, the President, and the Co-CEO. The chairperson supervises the implementation and effectiveness of information security goals and policies and submits an annual governance report on information security to the Board of Directors.

Within the Information Security Management Committee structure, HIWIN designates specialized groups and departmental Information Security Committee Members (principally department heads). The goal is to achieve cross-departmental integration of information security management, extend information security management measures to every employee, and cultivate a security-conscious culture.

Information Security Certification

HIWIN has established numerous information security management systems and implemented systematic management tools over the years. To evaluate the effectiveness of these systems and ensure that they meet international standards, HIWIN successfully passed the ISO/IEC 27001 certification audit and obtained certificates in March 2023. The certification scope covered key personnel, systems, factories, and data centers associated with the Company’s operations.

Cultivating a Security-Conscious Culture

To implement information security objectives and policies, we provide information security awareness training to all system-using employees and advanced training specifically for system administrators. To cultivate a security-aware mindset, we first align security concepts among employees, run security awareness campaigns continuously, and put information security management measures into the daily work routine of each employee.

• The training for new employees includes information security awareness and general information security management principles, ensuring that employees assimilate these concepts and attitudes after onboarding.

• Security awareness messages are continuously broadcast through the attendance clock-in kiosks.

• When employees log on to a computer, a pop-up window automatically appears, displaying information on data protection, intellectual property rights, and basic system security management principles. This ensures that employees routinely incorporate security requirements into their daily work.

• We are committed to protecting information security; employees who violate information security or data protection rules will be subject to personnel disciplinary actions based on the severity of the violation.

Information Security Measures Implemented - Items & Outcomes

Continuous Improvement of Application System Information Security

Since HIWIN develops most of the core information application systems, continuous improvement of information security functions can help achieve the organization’s information security goals and strategies. In 2023, we successfully implemented 182 application security enhancements across eight key areas, including external system protection, technical risk mitigation, system permission control, enhanced identification tracking, software development protection, data security, physical file protection, and optimization of verification mechanisms.

Response to New Information Security Threats