Information and Communication Security Policy, Organization and Objectives
Zhen Ding established the " Policy for Information Security Management " based on the three principles of information and communication security management: "Confidentiality, Integrity, and Accessibility"
In 2021, Zhen Ding formally established the Information Security Management Committee. The committee is affiliated to the chairman. It conducts information security officer exchange meetings every week and holds quarterly meetings. The chairman of the Information Security Management Committee is a general manager of the Group's subsidiaries appointed by the chairman of the Board of Directors, who is the highest authority in overseeing the Group's information security work. Each division has appointed representatives to serve as committee members to promote and implement information and communication security policies. At the same time, the company's Board of Directors includes Chen-Fu Chien, an independent director with a professional background in information and communication security, who is responsible for overseeing and guiding the Group's management strategies and planning objectives related to information and communication security.
Zhen Ding introduced the ISO 27001 information and communication management system in 2020 and has obtained ISO27001 certification regularly. The current certificate is valid from May 8, 2020, to May 8, 2023. Through the introduction of the ISO27001 information and communication security management system, the ability to respond to information and communication security incidents is strengthened, and the assets of the company and customers are protected. The company officially joined the TWCERT Information Security Alliance on December 13, 2022, effectively strengthening information sharing with domestic and foreign information security organizations and improving the ability to report information security incidents.
Zhen Ding has set three key management objectives for information security to protect the security of company and customer trade secrets, manage data in a hierarchical manner, properly review and optimize the management measures for company products and customer information, set up a special security zone for customer secrets, and control access to networks, computers and personnel with authorization.
1. Information Equipment Security Management
2. Network and Anti-Virus Management
3. Personnel InfoSec Education and Training
From 2020 to 2022, Zhen Ding has not violated any information and communication security-related laws and regulations, and has not experienced any information and communication security incidents or complaints from customers for violation of their privacy or losing their data:
Total number of information security/cyber security incidents: 0
Number of information security incidents affecting customers’ personal data: 0
Total number of customers affected by information security incidents: 0
Total amount of fines related to information security/cyber security incidents: 0