.jpg)
Employee health improvement
Information risk control
To reinforce information safety protection, the Company comprehensively promoted the introduction of the information security management system in 2012 and obtained the ISO 27001 information security management system (ISMS) certificate in August 2013. The Company continues to advance its cybersecurity system structure, requires employees to implement information safety management specifications, and build a comprehensive information safety protection force via information assets and risk assessments, monitoring operating impact analysis, business continuity drills, and other systems to include information safety awareness and concepts in the corporate culture and take steps forward to building the zero trust network structure.
| Information safety protection | Protection item |
|---|---|
| EDR information safety protection | EDR |
| MDR | |
| Avoid network or blackmailing software attack | |
| Firewall | Stop hackers from attacking and paralyzing the network |
| Control reasonable network use | |
| Anti-virus software | Stop viruses from damaging corporate data |
| Avoid viruses from affecting work efficiency | |
| Avoid external attacks of viruses from affecting goodwill | |
| Anti-spam | Avoid excessive spam from affecting work efficiency |
| Avoid viruses from being delivered to the Company via e-mail | |
| E-mail sending/receiving record | Record e-mails sent/received and avoid deletion of mails by mistake, virus, and loss |
| For subsequent audits and proof | |
| PC end protection | Peripheral data access control of USB disk/Bluetooth/Network Neighborhood/memory card |
| Instant communication and file-sending control and webmail/cloud disk control | |
| Mobile communication network control | |
| External personnel connection control | Control for the remote access of personnel to corporate resources |
| Control for the WFH access of personnel to corporate resources | |
| Control for mobile communication equipment | |
| Control for external computers | Internet connection control for partners/suppliers/customers when visiting the plant |
| Control for private computers of employees when visiting the plant | |
| Online behavior screening and control | Avoid employees from mistakenly accessing websites with malware |
| Authorize online connection categories based on level and work requirements | |
| Statistics of employees' online behaviors/time/ranking | |
| Record online behaviors and perform anomaly analysis | |
| Anti-virus wall | Stop internal viruses from external attack |
| Stop new variants of malware from attacking | |
| Battle viruses and reduce internal infection opportunities | |
| Centralized control of material figures and text | Stop internal viruses from external attack |
| Centralized control of material files | |
| Knowledge base management and sharing |
We comply with information safety policy requirements via the introduction of the ISO 27001 information security management system and regularly carry out information safety promotion and employee information safety educational training. Internal and external professional auditors and the organization carry out audits of the information safety management system each year, evaluate the information operating status, risk control, and event improvement, and report to the information safety processing team to control and minimize information safety risks.