ESG
Information Security Management
Information Security Management Committee Structure
To improve information security governance, Taihan Technology established an Information Security Committee in December 2022. The committee is divided into information control units, comprising an information director and several professional information personnel, who are responsible for formulating all internal information management methods and related operations and for building comprehensive information security protection capabilities and good information security awareness among colleagues; and a supervision unit for information security supervision, comprising an audit supervisor and full-time auditors, who are responsible for supervising the implementation of internal information security. When deficiencies are discovered, the Ministry of Information is immediately asked to propose relevant improvement plans and specific actions. The Information Security Management Committee is also required to hold at least one meeting per year to help reduce internal information security risks.
Information Security Management Policy
To strengthen information security management, Taihan Technology has formulated the “Information Security Management Measures” and passed the ISO 27001 information security certification for the first time in 2023. The aim is to ensure the confidentiality, integrity and availability of the company’s internal information and to prevent human error, natural disasters and other factors from leading to improper use, leakage, tampering, destruction, etc. of information, which would bring various possible risks and hazards to the company. The scope of information security management therefore includes data access control, system access control, and network access control, to create a safe and trustworthy information operating environment and ensure the security of systems, data, equipment, and networks. The company also strengthens its information security education and training, improves employees’ security knowledge, and establishes the concept of “information security, everyone is responsible” to achieve the goals of information security and business continuity.
Information Security Management Plan
Category | Description | Related measures |
---|---|---|
Account and permission management | 1. Account, password and authority control 2. Password rule requirements | 1. Personnel account permission management and review 2. Regular inventory of personnel account permissions 3. The system forces password changes regularly |
Access control | 1. Personnel internal system access 2. Transmission pipeline safety measures | 1. Internal access control 2. External [blocklist] website access control |
External network intrusion | 1. Intrusion from the Internet 2. Personal computer virus invasion | 1. Set up network firewall 2. Use email filtering mechanisms and install anti-virus software |
System availability | 1. Maintain system availability 2. Service interruption handling measures | 1. Daily system backup mechanism 2. Establishment of UPS uninterruptible power supply system 3. Regular restoration drills |
Intellectual Property Management Plan
Taihan Technology has established complete internal regulations on the acquisition and protection of patents, assists and guides employees in obtaining intellectual property, and distributes related rewards to increase the competitiveness of the company’s re-view factories. At the same time, it passed ISO 27001 information security management system certification for the first time in 2023 to strengthen the protection of the company’s business secrets, and implemented corresponding management measures for the employees, information and areas involved in confidentiality, to protect confidential documents and employee privacy within the company and with customers.
Implementation status of intellectual property & information security in 2023 (already reported to the board of directors on 112/11/06)
1. Employees sign confidentiality guarantees, and new employees in 2023 signed a total of 12 copies.
2. Systematic management of business secrets, ISO27001 information security management system verification, ongoing in 2023.
3. Continue to strengthen employees’ awareness of intellectual property protection and strengthen employee education and training. The relevant training hours are shown in the table below:
Course | Hours/person |
---|---|
General employee safety education and training | 16/16 (hours/person) |
ISO27001 related certification tutoring courses | 177/17 (hours/person) |
ISO27001 System Lead Auditor Course | 40/1 (hours/person) |