• 1. Purpose

    To enhance various information security controls, build a sustainable operational infrastructure and facilities, and maintain the confidentiality, integrity, and availability of the company's important information assets, this information security policy is issued. It ensures the continuous operation of all company data, systems, information and communication equipment, and networks, preventing intentional or accidental damage and complying with relevant regulatory requirements. It also serves as a guideline for the company's information security management operations.

  • 2. Scope

    Since 2020, the company has implemented the ISO27001 Information Security Management System (ISMS) international standard certification, which covers 14 areas of security management that must be followed.

  • 3. Information Security Policy

    The company's information security vision encompasses all security policies, aiming to "implement information security and privacy information management, ensure the security of data, systems, and networks, regulate the collection, storage, use, transmission, and deletion of personally identifiable information, and promote the reasonable use of personal data, compliance demonstration, and fulfillment of contractual requirements, preventing personally identifiable data from being stolen, altered, damaged, lost, or leaked."

  • 4. Organization

    The company has established an Information Security Management Committee, with the Chief Information Officer serving as the information security representative. Meetings are held regularly each year to discuss and review matters related to information security management. The committee is responsible for coordinating the allocation of resources required for the implementation of the information security management system, promoting the effectiveness of the company's information security management system, and ensuring that the system achieves its established goals to enhance the security of business operations.

  • 5. Objectives and Implementation

    The security objectives required to implement the ISMS management system are handled according to the relevant procedures of the information security management objectives. Based on the PDCA (Plan-Do-Check-Act) cycle framework, the achievement and continuous improvement of each objective are ensured.

TOP