Information Security Policy

1. Establish and implement various information security management regulations in compliance with government laws and regulations (i.e. Information Security Management Act and related sub-laws).

2. Monitor trends in information security, identify internal and external changes, and interact with the needs and expectations of stakeholders. Analyze risks, devise countermeasures, and take actions to reduce operational impact.

3. Set up an information security organizational framework with clearly defined duties and responsibilities to promote protective measures and ensure management accountability.

4. Conduct regular information security training to enhance employees' awareness and understanding of their responsibilities, improving protective consciousness.

5. Regularly inventory information assets and utilize risk assessment mechanisms to effectively control potential impact areas.

6. Strengthen physical and equipment security measures, and perform regular maintenance to ensure normal operation.

7. Establish network transmission rules to protect sensitive documented information and prevent unauthorized access or tampering.

8. Conduct information security audits to identify and address issues, propose countermeasures, and take corrective actions.

9. Implement emergency response plans and conduct regular drills to prepare for unexpected incidents and quickly restore operations.

10. Require outsourced vendors and personnel to sign confidentiality agreements per contractual terms before executing information-related operations.

11. The information security policy should be periodically evaluated to reflect updates in information security management, laws, technology, and operations. Ensure the practicality and effectiveness of information security practices.