Information Security Policy
“Risk management and regulation compliance.
Defense in depth and strengthen response to incident.
Sensitive files be archived and backed up.
Information security is everyone’s responsibility."
- To ensure the Confidentiality, Integrity, and Availability (CIA) of company information, and commit to regulation compliance of management systems and processes.
- Strengthen the defense-in-depth capability from the four aspects of organization, personnel, process, and technology, harden the resilience of the core information system, and ensure continuous operation.
- Regularly review the effectiveness of risk management measures and emergency handling procedures for information security incidents in response to changes in internal and external information security situations.
- Solidify data protection and backup/restore operations to avoid improper use, tampering, damage ... of information assets due to human error, deliberate actions, or natural disasters, which will affect business operations and cause damage to the company's benefits and competitiveness.
- To properly protect customer information and privacy data, regardless of which region or country the customer is in or whether there is legislation in that region.
- To conduct training, employees should participate in the training to improve information security awareness and personal protection capabilities of themselves.
ISO 27001 Information Security Management System Certificate