1. Information Security Policy Prospect: Increase the personnel acknowledgement. Prevent data leakage. Implement on daily operations. Ensure the service availability.
• Conduct information security training and educate employees on information security awareness and corresponding responsibilities.
• Protect Innolux operational information and avoid unauthorized access and modifications to guarantee information integrity.
• Audit internally on a regular basis to ensure all relevant operations implemented.
• Ensure that the company’s core systems maintain a certain level of system availability.
2. Continuously Improving Information Security Systems
• To establish a dedicated information security department to coordinate and implement the information security policies.
• Regularly perform internal audits and information security governance assessments to ensure that operations meet standards continuously.
• Maintain ISO 27001 and TISAX AL3 international security certifications.
• Establish proactive information security detection and defense mechanisms to enhance overall information protection capabilities.
3. Ensuring Integrity and Protection of Data
• Protect company’s business information from unauthorized access, modification or destruction.
• Regularly check data accuracy and system integrity to ensure the availability of critical information.
• Implement external information security solutions to continuously optimize information maintenance and operation process.
4. Monitoring and Responding to Information Security Threats
• Regularly conduct operational response and security drills to strengthen response capabilities.
• Join international information security organizations (e.g. FIRST), collaborate with TWCERT and SP-ISAC for intelligence sharing.
• Insure information security insurance to reduce the risk of operational losses from information security incidents.
5. Establishing Personnel Information Security Management and Education Awareness Campaigns
• Conduct information security training to enhance employees’ information security awareness and responsibility.
• Conduct cybersecurity awareness month activities to continuously enhance the information security culture among all employees.
• Strengthen the specific information security responsibilities of each department and position through campaigns and daily implementation.
6. Establishing Information Security Requirements for Supply Chain
• Require third parties to comply with the company’s information security policies and relevant operating standards to reduce information security risks from supply chain.
The information security department is responsible for coordinating and implementing the company’s information security policy, publicize information security information to enhance the employees’ information security awareness. Regularly report information security achievements to the Chief Information Security Officer, General Manager and Chairman. The Chief Information Security Officer reports information security governance matters to the Board of Directors annually. Evaluate the effectiveness of company’s internal control over information operations. To build "proactive information security detection and defense" framework to protect the confidentiality, integrity, and availability of information. Thereby reducing the risk of unauthorized use, damage or disclosure of information.
Download ISO 27001