Information Security Policy and Objectives

Information Security Policy Statement

Strengthen Information Security Protections to Ensure Operational Safety

Information Security Policy

This Information Security Policy is established to ensure the smooth operation of information systems, information services, and network status, and to mitigate risks caused by human error, intentional acts, or natural disasters. The purpose is to prevent unauthorized access, use, control, disclosure, destruction, alteration, deletion, or other forms of harm, and to safeguard the confidentiality, integrity, and availability of information assets.

Information Security Objectives

• Ensure compliance with government laws and regulations related to information security.
• Monitor information security trends, assess risks, and implement measures to reduce operational impact.
• Establish an information security structure, assign responsibilities, and promote protective actions.
• Provide security training to employees to raise awareness and clarify responsibilities.
• Regularly assess and manage information assets and associated risks.
• Strengthen physical, environmental, and equipment security with regular maintenance.
• Set network rules to protect sensitive information and prevent unauthorized access.
• Perform security audits, address findings, and apply corrective actions.
• Develop and practice emergency response plans for quick recovery from incidents.
• Define information security responsibilities and confidentiality, including non-disclosure agreements.
• Gather cybersecurity intelligence and implement proactive monitoring.
• Regularly review and update the security policy to reflect changes in laws, technology, and operations.