德淵企業

Tex Year Products

GOVERNANCE

In order to strengthen corporate governance and the supervisory and management functions of the board of directors, the company promotes the establishment of various functional committees under the board of directors, including the remuneration committee, corporate sustainability, information security and personal assets and integrity management committees.

 

Information Security & Personal Data Protection Committee

Information Security & Personal Data Protection Committee

In order to improve the information security and personal information management of the group, the company established the "Information Security & Personal Data Protection Committee", which is responsible for formulating internal information security policies, planning and implementing information security, personal information management operations, and promoting and implementing information security policies. Report executive results to the Board of Directors annually.
Our Information Security Policy Vision:
Strengthen employees' information security awareness, avoid information security incidents, implement daily continuous operations, and ensure service availability.

Organization

組織架構

Information Security & Personal Data Protection Committee Information

The Information Security & Personal Data Protection Committee Information is chaired by CEO Donald Hsiao, deputy S&M general manager Tim Tsao is the vice chairman, and manager Sheng Te Chen is responsible for coordinating information security and personal data and other related matters.

Operating situation

The Information Security & Personal Data Protection Committee is the responsible unit of the company's information security, which regularly reports the implementation of the company's information security governance to the board of directors. The latest report date is December 8, 2023, and the content is as follows:

ProjectInformation Security and Personal Data Policy and Preventive MeasuresGroup execution results
1Maintenance of information security and personal data policies and proceduresThe company complies with the relevant laws and regulations to formulate the following measures to comply with internal information security and personal information management operations.
  1. Computer equipment acquisition and maintenance operation standards.
  2. Information system program and data processing operation standard.
  3. Information system files and equipment safety operation standards.
  4. Operating standards for information system development and program modification.
  5. Information and communication security operation standards.
  6. Operating Standards for Information System Disaster Recovery Plan.
  7. Measures for managing the use of communication software.
  8. Procedures for the Personal Data Protection Act.
2Disaster Recovery Plan ExecutionAssess the impact of various man-made and natural disasters on the company's information assets, and formulate disaster recovery plans and test execution; regular 1-2 maintenance of power and motors in the computer room to ensure the continuous operation of the company's business.
3Establishment of software and hardware equipment for information security protectionEquipped with firewall, anti-virus software, anti-spam anti-blocking system, restricting the use of internal network, etc.
4Information Security and Personal Data PromotionIn the company's quarterly meetings, information security and personal data policies, use of legal software, etc. are promoted to enhance the awareness of various business departments and personnel.
5Status of Virus Ransomware CasesSporadic cases of virus extortion have not caused major financial losses to the company through data backup procedures.