Information and Communication Security Policy, Organization and Objectives
Zhen Ding established the " Policy for Information Security Management " based on the three principles of information and communication security management: "Confidentiality, Integrity, and Accessibility"
In 2021, Zhen Ding formally established the Information Security Committee. The Chief Information Security Officer (CISO) is now responsible for supervising information security management and is directly responsible to the CEO, with management executives as members. Meetings are held quarterly to formulate and review information security management goals, policies and procedures. In order to effectively implement the information security management policy, the company has set up a dedicated Information Security department in addition to the original Information Technology department responsible for the establishment of information-related systems. The chief information security officer serves as the highest supervisor of the group's information security work. The department has set up an information security management team, an information security operation and maintenance team, an information security technology team, and an information security audit team, which are staffed by full-time personnel from the Information Security Department. In addition, an Information Security Task Force has been set up, with representatives appointed by each division. As an executive member, he is responsible for the dissemination and implementation of information and communications security policies to ensure the continued sound operation of the company's business. At the same time, the company's Functional Committee of Audit and Risk Committee is responsible for overseeing and guiding the Group's management strategies and planning objectives related to information and communication security. The Committee Chair is Chen-Fu Chien, an independent director with a professional background in information and communication security.
Zhen Ding introduced the ISO 27001 information and communication management system in 2020 and has obtained ISO27001 certification regularly. The current certificate is valid from May 9, 2023, to Oct 31, 2025. Through the introduction of the ISO27001 information and communication security management system, the ability to respond to information and communication security incidents is strengthened, and the assets of the company and customers are protected. The company officially joined the TWCERT Information Security Alliance on December 13, 2022, effectively strengthening information sharing with domestic and foreign information security organizations and improving the ability to report information security incidents.
Zhen Ding has set three key management objectives for information security to protect the security of company and customer trade secrets, manage data in a hierarchical manner, properly review and optimize the management measures for company products and customer information, set up a special security zone for customer secrets, and control access to networks, computers and personnel with authorization.
1. Information Equipment Security Management
2. Network and Anti-Virus Management
3. Personnel InfoSec Education and Training
From 2022 to 2024, Zhen Ding has not violated any information and communication security-related laws and regulations, and has not experienced any information and communication security incidents or complaints from customers for violation of their privacy or losing their data:
Total number of information security/cyber security incidents: 0
Number of information security incidents affecting customers’ personal data: 0
Total number of customers affected by information security incidents: 0
Total amount of fines related to information security/cyber security incidents: 0
