Management of Information Security


The company established the Information Security Department on June 1, 2020, and set up the Chief Security Officer on March 15, 2022.
The Information Security Department is responsible for company cyber security monitoring and cyber security incident response and investigation.
It regularly assesses cyber security risks and reports to the Chief Security Officer. The Chief Security Officer will report to senior officials and the Board of Directors.
The latest report date to the Board of Directors is November 11, 2025.
Report to the Board of Directors regarding security protection strengthening directions in 2025,
as well as the cyber security protection and implementation status, continue to enhance cyber security,
and ensure the operation of various systems and mechanisms smoothly.

The company's information security protection focuses are as follows:
  1. Formulation and revision of information security policy,
  2. Planning and Implementing information security architecture,
  3. Response to critical cyber security incidents,
  4. Cyber security defense mechanisms and emergency response plans review,
  5. Supervise the implementation of the overall information security plan,
  6. Information security publicity and education training.


The company implements various information management systems in accordance with information security policies and information security management measures to maintain the confidentiality, integrity, and availability of important information systems to ensure the safe and stable operation of IT systems, network equipment, etc.,and achieve sustainable operations. purpose and undertake the following responsibilities.

  1. Account management – management of personnel accounts,authority management and system operation behaviors.
  2. Access control – control measures for personnel’s access to internal and external systems and data transmission channels.
  3. External threats – proactively detect internal and external potential weaknesses, virus alarms and protective measures to improve real-time warning capabilities.
  4. System Availability – system availability status and handling measures and backup and restoration when service is interrupted.
  5. Communication system security – blocking and avoiding unnecessary connections to improve access control security.
  6. Development and maintenance of IT systems- formulate system development security specifications and necessary protection.


Information Security Governance

  1. Company Information security policy - Establish an information security policy and ensure the scope of the company's information security management in accordance with the procedures in the information security management regulations. Promote relevant information security business operations.
  2. Formulate the company's internal information security operating procedures - Formulate detailed information security management procedures or methods based on this area to ensure that the overall Information security. Our company obtained AEO (Authorized Economic Operator) certification in 2016 and passed the ISO27001 certification in Dec. 2022 to provides business partners/customer with a safe and stable high-quality service.
  3. Our company has purchased information security insurance with an insurance coverage of US$5 million.
  4. Strengthen cyber security protection and continue to establish cyber security protection mechanisms.
  5. The company has passed the BSI annual auditing in 2025/10 and continues to maintain the validity of ISO27001 certification.