Information Technology System Security
Information technology systems play an important role in the Company’s business operations and growth. The Company has therefore established a systematic approach to information and information system security, covering policies, action plans, and clearly defined operating procedures. These are communicated to relevant internal and external parties to ensure that operations comply with applicable laws, relevant requirements, and international standards, thereby protecting the Company’s information and strengthening confidence among all stakeholder groups.
The Company has established an Information Technology System Security Working Group, comprising the Chairman of the Executive Committee and executives from relevant functions, with the following structure:
Role and Responsibility
- The Board of Directors is responsible for approving policies and measures for maintaining the security of the information technology system, and places importance on preventing potential issues arising from improper use of the information technology network by users and from various threats.
- The working group, led by the Chairman of the Executive Committee, is responsible for overseeing operations to ensure compliance with laws and other official requirements, with information security risks assessed under the risk management framework.
- Employees are responsible for complying with policies, procedures, instructions, and operating manuals relating to information system security measures.
- The working group is responsible for overseeing operations to ensure alignment with relevant standards and laws, as well as establishing corrective and preventive measures while enhancing the efficiency of operational processes. Performance results are reported to the Audit Committee and the Risk Management Committee at least once a year.
Information System Security Guidelines
- Install systems to prevent data leakage from external attacks or computer virus threats by implementing network security software (Firewall).
- Require updates to data access authorization to prevent data leakage.
- Establish a data backup plan and conduct reviews to ensure that data backups are performed correctly in accordance with the Information Security Policy and information system security measures.
- Conduct internal communication to raise awareness and instill a sense of responsibility among employees regarding the proper and appropriate use of technology, such as refraining from downloading unauthorized programs and avoiding opening emails from unknown sources.
- Prepare a manual on personal data protection and information security, and establish a Business Continuity Plan (BCP) to prevent and respond to business disruptions caused by threats to information technology systems.
- Engage external experts to serve as Information Technology Auditors (IT Auditors), responsible for assessing the adequacy of internal controls and risk management relating to information technology systems, with audit results reported directly to the Audit Committee and the Risk Management Committee.
2025 Performance
The Company conducted 2 information system recovery plan drills to test its emergency response plan. The Company also engaged an external party to review its information technology controls. Following the review, the results and recommendations were discussed with management, including a review of policies and procedures for managing access rights to improve the Company’s work processes and make them more robust and efficient. In addition, the Company promoted employee knowledge of cybersecurity through training provided by an external party, encouraged employees to study and monitor technology updates and cyber threats, and communicated relevant information through the Company’s intranet to enhance awareness and preparedness. In 2025, the Company recorded no information technology security incidents.