To strengthen the information security management of our company and ensure the security of data, systems, and networks, Tairoun Products has formulated an Information Security Protection Plan in accordance with the 'Information Security Control Guidelines for Listed and Over-the-Counter Companies.' The Information Planning Division of our company is responsible for the relevant information security tasks, and in the year 112, one Information Security Manager and one dedicated Information Security personnel were appointed based on the Level 2 Information Security Notification.
The internal management structure is as shown in the diagram :
Tairoun Products Co., Ltd. Information Security Management Policy
The purpose of formulating the Information Security Policy of Tai Rong Industrial Co., Ltd. (hereinafter referred to as "Tai Rong") is to enhance the security and stability of information and communication operations, provide reliable information and communication services, ensure the confidentiality, integrity, and availability of information assets, and promote various business activities of Tai Rong smoothly. This policy is established as the highest guiding principle for information security management at Tai Rong in accordance with the regulations of the Information Security Management Act and its subsidiary laws.
This policy applies to Tai Rong employees, vendors and third-party personnel who have access to business information or provide services to Tai Rong.
- Ensure the confidentiality of business-related information, safeguarding company secrets and personal data.
- Ensure the integrity and availability of business-related information, enhancing operational efficiency and quality.
- Align with national and policy-driven initiatives to enhance information security capabilities.
- Comply with national laws and regulations as well as the company's standards to achieve the goal of continuous business operations.
- Consider relevant legal regulations and operational requirements, assess the security needs of information and communication operations, establish related procedures to ensure the confidentiality, integrity, and availability of information assets.
- Establish the company's information security organization and define roles and responsibilities to facilitate the implementation of information security operations.
- Implement various mandatory tasks according to the classification of information security responsibilities.
- Establish an information security incident reporting and response mechanism to ensure proper response, control, and handling of security incidents.
- Conduct regular information security audits to ensure the effective implementation of information security management.
This policy is approved by the General Manager and is reviewed at least annually, or when there are significant organizational changes (such as organizational restructuring, significant business changes, etc.). It is subject to appropriate revisions based on the evaluation results, relevant laws and regulations, technological advancements, and the latest developments in business. Any revisions must also be approved by the General Manager.
Tairoun Products Co., Ltd. has established the "Information Security Maintenance Plan" in accordance with Article 10 of the Information Security Management Act and Article 66 of the Enforcement Rules. The plan applies company-wide, and each year, various information security tasks are executed in accordance with the plan. These tasks include firewall maintenance, employee internet access control mechanisms, antivirus operations, system updates, data backups, information security education and training, social engineering drills, and other related activities. The execution status is regularly reported to the Board of Directors, and the information security protection plan is reviewed and amended annually based on the execution status. This ensures that the hardware, software, and personnel mindset related to various information security aspects of the company are maintained in optimal conditions.
In addition, the Information Security Plan also outlines emergency notification procedures. In the event of an information security incident, the IT security personnel report to their supervisors and, in compliance with regulations, report to relevant authorities. The company has also applied for membership in the "Taiwan Information Security Alliance." Through the assistance of the alliance, the company collaborates to uphold information security collectively.
In the year 2023:
1. Completed the offsite and cloud backup operations for the entire company.
2. Completed the setup of Tairoun Products' cloud drive to ensure comprehensive data backup.
3. Completed the replacement and upgrade of personal computers at the headquarters and Yunlin factory.
Work Plan for the year 2024:
1. Firewall equipment and software updates for the headquarters, Yunlin factory, and Kaohsiung factory.
2. Company-wide information security education and training.
3. Ongoing updates to personal computer equipment across all factories.
4. Reorganization of information rooms in each factory.
5. Review of network equipment and network planning in each factory.
6. Social engineering drills.