Stakeholders

Information Security Policy Goals and Advocacy 

Information and Communication Security Policy 

To ensure the smooth operation of the Company’s business and to prevent losses resulting from unauthorized use of information and communication systems—including illegal access, use, control, disclosure, destruction, alteration, or any other intrusive activities—this policy is hereby established. It aims to protect the confidentiality, integrity, and availability (CIA) of information assets and shall be followed by all employees and outsourced vendors. 

1. Establish an Information Security Risk Management Mechanism 

Regularly review and adjust risk-management measures in response to changes in the information security landscape to ensure their effectiveness. 

2. Protect Information Systems and Sensitive Data 

Prevent unauthorized access and tampering to ensure confidentiality and integrity. 

3. Ensure Compliance with Laws and Regulations

All business operations must comply with the “Cyber Security Management Act,” its sub-regulations, and other applicable legal requirements. 

4. Create a Secure and Trustworthy IT Environment

Protect Company data, systems, equipment, and networks to ensure continuity of business operations. 

5. Conduct Regular Information Security Training

Enhance employee awareness of information security; all personnel are required to participate in such training. 

Information Security Objectives 

1. Incident Awareness and Response

Detect information security incidents and complete reporting, response, and recovery procedures within the required timeframes. 

2. Adapt to Regulatory and Technological Changes

Adjust information security controls in a timely manner to prevent unauthorized system use and ensure the confidentiality, integrity, and availability of information and communication systems.

Advocacy of Information Security Policy

The Information Security Policy shall be promoted annually through educational training, internal meetings, and other means to strengthen overall security awareness and reduce the likelihood of information security incidents.