Information Security Policy Statement

Purpose Our company strengthens various information security controls, builds a sustainable operation infrastructure, and maintains the confidentiality, integrity and availability of the company's important information assets. This information security policy is hereby issued to ensure the normal operation of all the company's information systems. This policy also serves as a guideline for the company's information security management operations.

Scope of Application Our company began to import ISO27001 Information Security Management System (ISMS) international standard certification in 2020. This standard covers 14 security management areas that should be followed.

Information Security Policy The company's information security policy is "implementing information security and privacy information management, ensuring data, system and network security, regulating the collection, storage, utilization, transmission, and deletion of personally identifiable information, and promoting the reasonable use and compliance of personal information, display and meet contractual requirements to prevent personally identifiable information from being stolen, tampered, damaged, lost or leaked.”

Organization Our company has established an Information Security Management Committee, with the chief information officer as the information security representative, and holds regular meetings every year to improve the security of business operations.

Goals and Execution The safety goals that our company needs to achieve in the implementation of the ISMS management system are handled in accordance with the provisions of the relevant procedures for the safety management goals of information security to ensure that all goals are achieved.