In order to reinforce information security management and improve the overall information services to ensure the consistency of information and business needs and effectively manage information security tasks, we have formulated the “Cyber Security Risk Management Framework” in accordance with ISO 27001, which covers cybersecurity policies and specific management solutions.

The Company aims to build a strict and effective information security defense. According to the cyber security risk management framework, the Information Security Management Committee has established an information security task force, an emergency response task force, and an audit task force. The Information Security Management Committee coordinates the formulation, implementation, risk management, regulatory compliance and auditing of information security and related policies. The audit supervisor supervises the implementation of information security operations and evaluates the effectiveness of the information security risk management measures of the entire corporate group, and regularly reports to the board on the effectiveness of the operations and systems of the overall information security management organization. In order to effectively promote the Cyber security policy, the Company has appointed a chief information security officer (CISO) and established a dedicated information security unit that has a supervisor and at least two specialists responsible for cyber security-related monitoring and the implementation of various management plans formulated by the Information Security Management Committee. Information security education and training sessions are carried out for all employees regularly. Personnel working in the information security dedicated units need to receive at least 16 hours of specialized information security training.