Cyber security risk management Framework
To implement the cyber security strategy set by the Enterprise Information Security Office and ensure internal compliance with cyber security-related standards, procedures, and regulations, a “Cyber Security Special Unit” has been established and is led by the MIS Department. This unit is responsible for appointing the Cyber Security Officer and cyber security engineer and arranging professional external training courses on cyber security.
Cyber Security Policy
The company’s cyber security policy aims to maintain the confidentiality, integrity, availability, and legality of company information. The policy is designed to prevent improper use, leakage, tampering, destruction, loss, and other potential risks that may compromise the security of information and assets due to human error, deliberate destruction, and natural disasters that may affect our company’s operations and result in damage to the company’s interests.
Specific management plan
Resources invested in cyber security management
To enhance our capabilities in responding to and managing cyber security incidents, and to safeguard the assets of both the company and its customers, we have established the policy MIS-013 – MIS Information Security Management Measures.
In line with this policy, we conducted internal cyber security and legal software awareness campaigns in January and June 2024. These initiatives aimed to reinforce best practices and compliance across the organization.
< Risk Management >
To mitigate potential risks associated with cyber security, we perform regular backup operations in accordance with the procedure outlined in [IT-2-42-001D Computer Backup Control Procedure]. These backups are designed to prevent data loss and support business continuity.
The Information Management Division is responsible for:
- Establishing and maintaining the cyber security risk management framework.
- Conducting regular reviews of cyber security policies.
- Reporting cyber security status and developments to the Board of Directors.
The most recent report to the Board was presented on November 5, 2024.