To ensure the effective implementation, operation, supervision, and continuous improvement of the company’s Information Security Management System (ISMS), and to safeguard the confidentiality, integrity, and availability of our critical information systems, we hereby establish the Information and Communication Security Management Policy.
This policy aims to provide clear guidelines for employees in their daily work. All employees are obligated to actively participate in promoting the Information and Communication Security Management Policy to ensure the secure operation of all company personnel, data, information systems, equipment, and networks. We expect all employees to understand, implement, and maintain this policy to achieve the goal of continuous information operations.
Implement Information Security, Enhance Service Quality
Strengthen Security Training, Reduce Security Risks
Ensure Emergency Response, Maintain Business Continuity
Implement Information Security, Enhance Service Quality
All employees shall fully implement ISMS, ensuring that all information-related operations protect the confidentiality, integrity, and availability of business data. These measures should safeguard against risks such as leaks, destruction, or loss caused by external threats or improper internal management. Appropriate protective measures should be selected to reduce risks to an acceptable level. Continuous monitoring, review, and auditing of the information security management system should be carried out to enhance service quality and improve service levels.
Strengthen Security Training, Reduce Security Risks
All employees must be supervised in implementing information security management. Regular and appropriate information security education and training shall be conducted annually to establish the concept of "Information Security is Everyone’s Responsibility." Employees should understand the importance of information security, comply with security regulations, and enhance awareness and emergency response capabilities to reduce information security risks.
Ensure Emergency Response, Maintain Business Continuity
Business emergency response and disaster recovery plans shall be formulated for critical information assets and key business operations. Regular drills of key business processes shall be conducted to ensure that in the event of information system failures or major disasters, rapid recovery can be achieved. This will ensure the continuous operation of critical business functions while minimizing potential losses.
Chief Information Security Officer: Announcement Date:2024/06/24