Information and Communication Security Management
Submitted to the board of directors on December 30, 2025.
Investment in telecommunications security management resources and implementation status
To enhance the company’s information security and stable operation, provide reliable information services, ensure the confidentiality, integrity, and availability of information systems, raise user awareness of information security, and implement various management operations.:
| Item | 2025 Implementation Status |
|---|---|
| Information security advocacy | Information security awareness efforts were communicated through the public announcement system, with the following initiatives carried out: ☑ Information Security Awareness Session(2025/1/8、2025/5/14) ☑ Information Security Education & Training (2025/8/27) ☑ Information Security Awareness Session(2025/3/13) |
| Audit Activities | Information Security Inspection and Audit(2025/12) |
| Information Security Drills | Backup System Restoration Drill(2025/7/25) |
| Joint Defense Organization | TWCERT Membership |
| Information Security Meeting | One information security meeting was held in 2025. The first meeting took place on May 27, 2025, covering the following key topics: ☑ 2025 cybersecurity requirements for listed companies issued by the competent authority. ☑ Information security framework, implementation procedures, control methods, and evaluation of applicable information security products. ☑ Strengthen email defenses to avoid new scams |
Education and Training
| Date | Title of class/Certificate | Number of class hours/Number of people |
|---|---|---|
| 2025/11/20 | Digital Fortress AI Defense Conference | 3/2 |
| 2025/10/17 | Oracle Database Security Protection | 3/1 |
| 2025/8/19 | New Microsoft Security Threat Protection Solution | 5/3 |
| 2025/7/24 | Comprehensive Data Mastery for a New Era of Storage | 3/5 |
| 2025/6/23 | .tw Domain Security Integration Service Seminar | 1/3 |
| 2025/6/13 | From Regulatory Requirements to Practical Implementation: Zero-Trust | 1/3 |
| 2025/11/20 | Architecture Implementation Strategy | 3/2 |
Information Security Incidents
| Information Security Indicators | Customer Complaints Related to Information Security | Incidents Involving External Attacks, Data Theft, or Virus Threats | Information System Failures or Equipment Malfunctions Affecting Operations |
|---|---|---|---|
| Incident Statistics for 2025 (case): | 0 cases reported | 0 cases reported | 0 cases reported |
Updates of machinery, equipment and systems:
With the advancement of technology and network, the Company relies on the Internet to conduct business transactions. In order to improve efficiency, it has gradually moved towards the digital form. However, the accompanying internal and external attack threats pose a serious threat to the Company’s information security, and to avoid data damage and leakage, which may affect the rights and interests of the Company and customers.
The Company’s existing network structure is complex and has been in operation for many years. The equipment is old and lacks an internal firewall system. In the event of an information security incident, it cannot effectively defend against threats. Replace old network equipment and add information security equipment to partition network data flow between floors and effectively filter threats from viruses and Trojan horses.
Firewalls are newly added to the Company’s floors and mainframe server clusters to isolate network broadcast packets, and various security modules such as IPS, Anti-Virus, Anti-bot, DDos, and Threat-Emulation are used to effectively defend against information security threats.
The related expenses in 2023 totaled NT$2,766 thousand.