To ensure that our company’s ISMS (Information Security Management System) meets practical needs, we maintain the confidentiality, integrity, and availability of our important information systems to support smooth business operations. This policy serves as a high-level guiding principle, and all employees and outsourced vendors are obligated to actively participate in promoting the information security policy. This ensures the secure operation of all information systems, and we expect everyone to understand, implement, and maintain it to achieve the goal of continuous information operation in line with our company’s business execution.

1. Implement Information Security and Enhance Information Service Quality

Implement ISMS thoroughly. All information-related measures should ensure the confidentiality, integrity, and availability of data, protecting it from risks such as leaks, damage, or loss due to information security threats. Select appropriate protective measures to reduce risks to an acceptable level, and carry out monitoring, review, and auditing of the information security management system to enhance service quality and improve service standards.

2. Strengthen Information Security Training and Comply with Legal Requirements

Strengthen information security training and supervise all employees to implement information security management. Continuously conduct appropriate information security education and training, establishing the concept that “information security is everyone’s responsibility.” This helps employees understand the importance of complying with relevant legal requirements, thereby increasing information security awareness and capabilities, reducing information security risks, and meeting the requirements of information security management laws and personal data protection laws.

3. Plan for Continuous Operation and Rapid Disaster Recovery

Develop emergency response plans and disaster recovery plans for critical business core information systems. Conduct emergency response drills every two years to ensure rapid recovery in case of information system failure or major disaster events, maintaining the continuous operation of critical core information systems to ensure smooth execution of our company’s main business.