Customer Complaint Hotline 0800-006-889

Information Security Policy

To ensure the confidentiality, integrity, and availability of information and related resources, and to ensure the overall operation of data, systems, equipment, and networks comply with legal and regulatory requirements, contracts, and supervisory authority demands, the company has established the following information security policy.
 

The company will implement the following information security management measures to achieve the goals of the information security policy

  1. Mobile Device Management:Ensure all mobile devices are approved before accessing the company's network and operational environment.
  2. Remote Work Management:Regulate access permissions for all remote work to ensure information security.
  3. Access Control:Establish comprehensive physical and logical access controls and record all user access activities.
  4. Encryption Management:Encrypt data, documents, or messages classified as 'Confidential' level.
  5. Key Management:Regularly review the effectiveness of keys used by the company.
  6. Physical Security:Implement access controls to prevent unauthorized access or damage to company information assets.
  7. Desktop Clear Policy:Specify that employees should not store 'Confidential' level information on their desktops.
  8. Backup Policy:Backup information systems and data according to availability requirements and conduct regular preservation and restoration tests.
  9. Outsourced Vendor Information Security Policy:Ensure outsourced vendors meet information security management requirements and conduct necessary management and audit activities.
  10. Awareness and Training:All employees must undergo relevant information security education and training.
  11. Information Asset Protection:Provide appropriate protection for critical information assets required for the operation of each department.
  12. Administrative Oversight:Department heads must ensure the effective implementation of this policy within their departments.
  13. Reporting and Handling:Establish reporting and handling procedures for information security incidents.
The company will continually enhance and improve the information security management system to address potential future information security threats and ensure that our data and systems operate in a secure environment.
We expect all employees to collectively uphold the information security of the company and adhere to this policy.