-
- Information Security Policy
TongHsing Electronics Industry Co., Ltd.
Information Security Policy
Objective
- TongHsing Electronic Industry Co., Ltd. (hereinafter referred to as the Company) hereby formulates this policy in order to ensure the confidentiality, integrity and availability of its information assets, to comply with the requirements of relevant laws and regulations such as information security management, and to protect it from internal and external deliberate or accidental threats.
Scope of application
- This policy applies to all employees, outsourced service providers, data users (including custodians) and visitors of TongHsing Electronic Industry Co., Ltd.
- In order to avoid the occurrence of improper use, leakage, tampering and destruction of information due to human negligence, deliberate or natural disasters, and to avoid the possible risks of various information security hazards to the Company.
Target
In order to maintain the confidentiality, integrity and availability of the Company's information assets, the following objectives are expected to be achieved through the implementation of this Policy:
- Establish a safe and reliable information operating environment to ensure the security of the Company's data, systems, equipment and networks, so as to ensure the continuous operation of the Company's business.
- To protect the security of the Company's business services and to ensure that information is only accessible by authorized personnel to ensure its confidentiality.
- To protect the security of the Company's business services from unauthorized modification and to ensure their correctness and integrity.
- Establish the Company's business continuity operation plan to ensure the continuous operation of the Company's information business services.
- In order to protect the security of the company's business and service-related information, from external threats, or improper management and use by internal personnel, it will be stolen, tampered with, damaged, lost, or leaked.
- Ensure that the implementation of the Company's various operational services must comply with the requirements of relevant government laws and regulations (such as Criminal Law, State Secrets Protection Law, Patent Law, Trademark Law, Copyright Law, Personal Data Protection Law, Information Security Guidelines for Listed Companies, etc.).
Liability
- The Company shall establish an "Information and Communications Security Management Committee" to coordinate the promotion of information and communication security matters.
- Management should support the ICT security management system and provide relevant resources to ensure the implementation of the ICT security policy.
- All employees of the Company, outsourced service providers, data users (including custodians) and visitors shall comply with this policy.
- All employees of the Company, outsourced service providers and data users (including custodians) are responsible for reporting information security incidents or vulnerabilities through appropriate reporting mechanisms.
- Any act that endangers the security of information communication will be investigated for civil and criminal liability depending on the severity of the circumstances, or will be dealt with in accordance with the relevant regulations of the company.
Manage metrics
- In order to measure the achievement of ICT security management objectives, the Company shall set relevant management indicators and monitor, evaluate, and improve them on a regular basis.
- The Company's information security organization and personnel shall be reviewed regularly to ensure the progress of information security work.
- Employees should be provided with appropriate information security-related training in accordance with their duties and responsibilities in accordance with the requirements of the competent authority.
- The environmental security of the Company's information assets shall be strengthened, and appropriate protection and authority control mechanisms shall be adopted.
- We shall ensure that the information is not disclosed to unauthorized third parties.
- Access control shall be strengthened to prevent unauthorized and improper access to ensure that the Company's information assets are properly protected.
- The development of the company's information and communication system should meet the security requirements, and carry out technical testing and repair on a regular basis.
- It shall ensure that all information security incidents or suspected security vulnerabilities are responded to in accordance with the appropriate reporting mechanism, and are appropriately investigated and handled.
Management Review
- This policy shall be reviewed at least once a year to reflect government laws and regulations, information security standards, technology, requirements of competent authorities and the actual needs of the operation of the company's management system, so as to ensure the sustainable operation of the company's business.
Implement
- This policy shall be reviewed by the "Information and Communications Security Management Committee" of the Company and approved by the General Manager for implementation, and shall be the same when revised.