Information Security Risk Management
On December 22, 2021, our company established an "Information Security Committee" and formulated an information security policy. We implement relevant preventive operations in accordance with the information security control measures outlined in the information security policy, and hold regular annual meetings to review the company's information security policy and its implementation results.
On December 24, 2025, the Information Security Committee held a meeting to review the implementation of information security projects for the year, including the feasibility assessment of ISO 27001 implementation, prevention of email fraud and erroneous remittance risks, assessment of confidential files in the asset management system, the increased risk of theft due to unencrypted image files, and the assessment of EDR & MDR implementation to prevent hacker attacks. No incidents endangering information security occurred during the year, and the report was submitted to the Board of Directors on January 12, 2026.
Information security is an important issue in the company's operations. The resource plans and resources invested in response to information security management matters are as follows:
●Dedicated manpower: On November 6, 2023, the board of directors decided to set up a dedicated information security supervisor and an information security personnel each to be responsible for the company's information security planning, technology introduction and related audit matters to maintain and continuously strengthen information security.
(The information security supervisor will obtain the CMMC professional certification certificate in June 2024)
●Customer satisfaction: There are no customer complaints that endanger information security.
●Information Security Announcement: Prepare information security related announcements and e-mails to convey important regulations and precautions for information security protection.
■ Information Security Policy |
|
