
Information Security Management 

[Information Security Risk Management Framework]

The company has established an Information Security Team as a project organization and appointed a Chief Information Security Officer (CISO) responsible for formulating and implementing information security policies. The team members implement security control measures, promote information security and raise employees’ security awareness, and collect information on and improve the information security management system.

The Internal Audit Department conducts an annual security audit of the internal control system to evaluate the effectiveness of internal controls within the company’s information operations.

 

[Information Security Policy]

 

To implement security management, the company has established internal control systems and information management procedures. Through the collective efforts of all employees, we aim to achieve the following policy objectives:

  • Ensure the confidentiality and integrity of information assets.

  • Ensure access to data is regulated by departmental functions.

  • Ensure the continuous operation of information systems.

  • Prevent unauthorized modification or use of data and systems.

  • Regularly perform security audits to ensure the implementation of information security measures.

Therefore, the company has established its information security guidelines and policies:

Guidelines:

In compliance with national information security laws, customer confidentiality requirements, and secure business continuity practices, we aim to keep information and communication operations secure by implementing all necessary security measures.

Policies:

  1. Centralized control of software and hardware systems.

  2. Application system account protection to prevent hacking.

  3. Confidentiality with preemptive and retrospective measures.

  4. Full vigilance on trade secrets.

 

[Management Plans]

  1. Computer Equipment Security Management

  • Computer hosts and backup hard drives are stored in a server room, managed by designated IT personnel.

  • The server room is equipped with an independent air conditioning system to maintain an optimal temperature for equipment.

  • The server room includes uninterruptible power supply (UPS) and voltage stabilization equipment to prevent system crashes from power outages and to ensure system continuity during temporary power losses.

  2. Network Security Management

  • The company isolates internal and external networks using firewall equipment; all application servers are centralized at the headquarters’ physical server room with no use of cloud-based hosting.

  • A Virtual Private Network (VPN) is implemented, requiring employees to use VPN accounts for remote access to the company’s internal systems, with audit logs for all access records.

  • The email system can flag keywords for audit before external transmission, and all email activities are logged. Additional settings that counter targeted email attacks are enabled, including IP address blocking and automated shutdowns.

  • Internet access control and filtering devices are in place to block harmful or unauthorized websites and content, enhancing network security and preventing bandwidth misuse.

  3. Virus Protection and Management

  • Every computer has antivirus software installed, configured for regular updates and automatic monitoring.

  • The email server includes virus and spam filters to prevent viruses or spam from reaching end users.

  4. System Access Control

  • Employee access to application systems follows an internal application procedure, requiring supervisor approval. The IT department creates accounts, and system administrators grant permissions based on requested functionality.

  • Password policies mandate adequate strength and complexity, including a mix of characters, numbers, and symbols.

  • Upon employee termination, the IT department deletes all system accounts per the HR termination notice.

  5. Ensuring System Continuity

  • System Backup: A backup system is in place with daily backups and offsite tape storage to ensure data and system security.

  • Disaster Recovery Drills: Conducted annually to verify the accuracy and effectiveness of backup media.

  • Network Redundancy: Multiple data lines are rented from telecom providers, utilizing bandwidth management equipment for backup, ensuring uninterrupted network communications.

  6. Information Security Awareness and Training

  • Security Awareness: The IT department periodically disseminates information security news for awareness.

  • Education and Training: Annual information security training sessions are arranged for employees.

 

[Resources Dedicated to Information and Communication Security Management]

  1. The company has built an information security defense network, including the server room, network equipment, connections, and personal information device management, to protect employees’ personal data, company confidential data, as well as customer and supplier information.

  2. Annual information security training and periodic updates on information security are provided, continually raising employees’ security awareness.

  3. Dedicated personnel are assigned for daily system checks, weekly backup verification, annual disaster recovery drills, and internal and external audits on information security processes.

Tel.  03 211-5688

No.40 , Keji 1st. Rd,

Gueishan, Taoyuan 333, Taiwan

© 2024 by JENTECH 
