INFORMATION SECURITY POLICY

1. Information Security Risk Management Framework:
The Information Department, under the supervision of the General Manager's Office, is responsible for coordinating information
security and related matters. The specialized unit for information security is the Information Section, with the Information
Section head serving as the security manager.

Information and Communications Security Policy
1. Maintaining the Continuous Operation of Information Systems.
2. Ensuring the Confidentiality, Integrity, and Availability of Information.
3. Preventing Intentional and Unlawful Misuse by Humans.
4. Avoiding Human Errors and Accidents.
5. Preventing Intrusions and Damage from Hackers, Viruses, and Similar Threats.
6. Maintaining Physical Environment Security.
7. Aligning with national information and communication security policies to enhance information security defenses and achieve proactive business continuity objectives.

The scope of information security management in our company includes:
1. Information Security Organization and Responsibilities.
2. Management of Information Security Documents and Records.
3. Information Asset and Risk Assessment Management.
4. Authorization and Protection Management of Information Equipment.
5. Network and Communication Management.
6. System Development and Maintenance Management.
7. Information Security Incident Management.
8. Information Security Audit Operations.
9. Office Information Operations Management.
10. Permission Management for Application System Usage.

Specific Information Security Management Plans and Resources

2-1. Physical and Environmental Security Management

Computer equipment security and data center control management encompass hardware environment control, power supply, cable security,
and equipment maintenance.
The disposal of physical information assets and equipment is managed uniformly by the Information Department in accordance with the
procurement process and disposal procedures to prevent the leakage of personal information.

2-2. Software Usage Security Management

Our company strictly prohibits the use of illegal pirated software. The software used within the company has been authorized
by the respective vendors. Without prior consent from the company's management and the head of the Information Management Department,
downloading or installing software is strictly prohibited to avoid any infringement of intellectual property rights, violation of laws,
or activation of malicious executables.

2-3. Perimeter Security Management

To achieve effective security control, personnel entering and exiting must carry identification cards and use personal fingerprint
recognition. Information support or maintenance service personnel are only allowed access when accompanied by Information Management Department personnel or when granted specific authorization. Records of entries and exits should be maintained.

2-4. The resources for network security and information communication security management

2-4-1. The resources for network security management:
The Information Department manages the network system to ensure its smooth operation. It installs firewalls and other information
security protection devices to prevent illegal intrusions that could compromise the company's trade secrets and personal data. Additionally, the
internal network and host systems retain complete records of all personnel logging in and out of the system.

2-4-2. Data Security Management:
Access control and data storage security are strictly enforced through password management and regular data and software backups. For critical information, a mechanism of storing data in remote locations is implemented.

2-4-3. Data Encryption Management:
A. To maintain the confidentiality, integrity, and availability of our company's assets, document files and research development drawings
undergo document data encryption management. Additionally, there is control over the usage of USB drives.

B. Any document taken out or provided to suppliers requires a decryption request process. Decryption can only be done with the approval and
signature of the General Manager. Graphics files need to be archived by document control personnel before being forwarded by IT personnel
via the company's dedicated email.

Major Information Security Incidents

Our company cannot guarantee complete avoidance of malicious attacks from third parties causing network system disruptions.
However, as of the end of December 2024, no malicious network attacks affecting the company's regular operations have occurred.

Allocate resources to cybersecurity management

Solution: Network Security

Content:
1. Implement a network firewall to block external cyberattacks.
2. Establish endpoint protection to prevent computer viruses and hacker intrusions.
3. Install antivirus software on computer equipment.
4. Set up SSL certificates for the company website.

Results:
* Antivirus software installation on computer equipment: 100% coverage.
* Firewall setup and updates in the plant: 100% completion.
* Antivirus software updates: 100% completion.
* SSL certificate setup to enhance website security.
* To ensure information and network security, a total of NT$666,488 was invested in 2024.

Solution: Data System Security

Content:
1. Establish a data backup mechanism, backup crucial system data, and conduct regular restoration drills.
2. Virtualize critical application systems and perform daily system backups.
3. Implement document encryption software.

Results:
* 100% backup of the server system.
* 100% backup of crucial data.
* Periodic virtual server restoration drills, four times per year.
* Zero incidents of company confidential document leaks.

Solution: Educational Training

Content:
Company cybersecurity education and training.

Results:
* Irregular promotion of information security and explanations.

Solution: Employee Information Security

Content:
Sign the employee information security usage guidelines.

Results:
* New employees are required to sign the "Personal Computer Usage Policy."
* A total of 27 new employees signed the "Personal Computer Usage Policy" in 2024.

Copyright®2008 CHIEFTEK PRECISION CO., LTD All Rights Reserved.
Product information is subject to change without notice. If there is any inconsistency with the real products, we will not bear any legal responsibility.