Information Security Management Framework

The company has established an independent and professional information security management department, which is responsible for information security planning and implementation, in order to provide security defense capabilities for all colleagues.

1. Information Security Management Principles

All information operations aim to meet the requirements of domestic and foreign laws and regulations. According to our records and customer responses, there have been no cases of data or privacy loss.

2. Network Security

The main methods are to reduce the probability of being attacked and increase the difficulty of intrusion:

  1. Reduce unnecessary entry protocols: Minimize the number of services placed on the Internet, such as FTP or websites. Corporate websites are hosted by professional service providers so that they do not attract attacks to the corporate network.
  2. Establish defense mechanisms from external firewalls to internal anti-virus software, encrypted lines, etc. to increase the difficulty of intrusion:

     1. Offices in different locations are connected over MPLS VPN, which increases the security of data exchange.
     2. Set up firewalls at offices in Taiwan, Suzhou, and Thailand to separate internal and external networks, and use behavior control accounts (AC) to manage users’ network behavior.
     3. Establish internal network anti-virus management: update anti-virus software on computers in the domain, observe computer status, and take necessary actions in real time to keep viruses from spreading further.
     4. Establish anti-spam measures on our mail servers. Adjustments are made according to the actual situation, and DNS SPF rules are established to reduce the probability of email scams.

3. Data Security

Data backup and management measures to reduce opportunities for data outflow:

  1. Establish a complete backup mechanism, with backup and restore mechanisms and offsite backup for the file server, DB, and important services respectively.
  2. Manage users’ network usage with permissions, including e-mail, internal public folders, and general Internet browsing, and monitor users’ network behavior.
  3. Provide relevant education and training for Internet users. Personal data and personal information are collected only after approval.

4. Information Operation Specifications

Establish an internal audit mechanism for various operating processes, including access control of computer room personnel, server backup records, network behavior records, and account application permission/cancellation mechanisms for various systems. During annual internal audits, check information security projects and confirm equipment. After assessing whether the implementation of the information security control and system recovery tests is correct, report the results of the audit to the board of directors and introduce external audits, such as the annual audit of accountants, to confirm that the various mechanisms are effectively implemented.