ABC adheres to the business philosophy of "building an industry of world-class inductors and precision components through pragmatism, innovation, and sustainability" and manages its businesses based on principles of materiality. The Company regularly identifies and monitors risks that are relevant to its operations, which in turn allows timely response to crises and the possibility of minimizing threats or even turning them into opportunities. A total of 4 risks were identified in 2021; risk factors, threats, and response strategies are explained below:

In order to maintain the integrity of the company's confidential information documents and to protect the privacy of customers and personal information, the Company has set up a firewall to improve the capability of the Company's cybersecurity system. The following control measures are undertaken to prevent server room interruptions, leakage of confidential information, and hacker intrusions.
1. Data access control To protect the company's information system and data security, appropriate management measures are established for security control, personnel access control, and environmental maintenance (such as temperature and humidity control) in server rooms and key areas.
2. Anti-virus software management • Anti-virus software is installed on all internal computers and server hosts, and is set to automatically update and download anti-virus software to maintain company data and property. • All important or confidential files are set up with access rights and data encryption measures to prevent document leakage and hacker intrusion. Access rights and record retention measures are planned to be implemented by 2023 for external storage devices or USB storage devices to ensure appropriate control and management.
3. Backup management Daily off-site backups will be performed, and more comprehensive off-site backups and important data backups will be progressively set up in the future.
4. Software and hardware maintenance Software and hardware maintenance is outsourced as needed, and employees are prohibited from installing or removing any software and hardware, and will be held responsible for any damage or loss.
5. Internal information security disaster drills To ensure the safety of information operation system, equipment, network and data, the Company conducts systemized disaster drills every six months, mainly to test the recovery of the host system. The Company has also established a disaster recovery contingency procedure, with the general manager as the convener and the head of the IT Department and Department colleagues as the team members, to respond to the notification and contingency handling of major incidents to ensure that the Company's servers can resume normal operations within the shortest possible time in the event of a disaster. In 2021, the systemized disaster drill rate was 100%, and no information security incidents occurred. In addition, in order to raise the awareness of information security among employees, the Company has implemented the following measures through information security management and security awareness training for personnel:
1. Personnel information security management • All employees shall sign a confidentiality contract and shall not disclose internal confidential information to the outside world. • In the event of the departure or transfer of personnel related to security work, the supervisor in charge shall undertake appropriate arrangements for handling procedures to prevent unnecessary security deficiencies.
2. Information security awareness training • If a major information security incident occurs inside or outside the Company, the IT supervisor will announce it promptly to Company employees to raise their awareness of information security risks. • Information security education training is held regularly to raise the awareness of information security among all employees. • When employees violate information and communication security, disciplinary measures shall be imposed to strengthen their sense of accountability for information security. • The Company incorporates information security requirements into employee manuals and enhances training for IT personnel to enhance information security management capabilities.

 

When COVID-19 first showed signs of worldwide spread in February 2020, the Chairman of ABC immediately instructed relevant departments to monitor the situation and implemented a multitude of disease control measures to maintain normal operations of the Company. In response to the threat of variants of COVID-19, the Taiwan plants set up an epidemic prevention task force on April 23, 2021 to carry out various epidemic prevention measures according to the level of development of the epidemic and to keep track of the progress of the resumption of work to ensure that the Company maintains normal operations and provides customer services. The new regulations for the management of special infectious diseases are divided into four levels of prevention and seven major management measures, and are implemented in accordance with the "Epidemic Alert Standards and Response" of the Central Epidemic Command Center.
1. Epidemic prevention management by level In response to changes in the epidemic situation, the Company adopts a management model from Level 1 to Level 4, and holds regular epidemic prevention meetings to discuss and track the development of the domestic epidemic situation and the epidemic prevention measures within the factory.
2. Epidemic situation notifications • Establish a bottom-up notification mechanism and process. • If there are employees or their family members in a unit who are notified of home quarantine or home quarantine, they should report to the unit manager promptly and in detail.
3. Implementation of home isolation/quarantine/self-health management management Refer to the Central Epidemic Command Center for the implementation of home isolation/quarantine/selfhealth management of colleagues with confirmed infections and tracking management mechanism.
4. Activity history investigation and management In accordance with the Centers for Disease Control, MOHW or the county (city) government's announcement of confirmed cases necessitating the investigation of employees' or co-inhabitants activity history, the Company carries out health tracking measures for the employees involved.
5. Employee health monitoring • In accordance with the Company's epidemic prevention regulations, body temperature measurement, QR Code real name registration, health declaration, and hand disinfections are implemented when contractors, visitors, customers, and new employees enter the Company’s factories. • A facial recognition body temperature recording system is installed at the main entrance, and temperature measurement and disinfection machines are installed on each floor to enhance overall site safety. • All employees take a daily body temperature measurement, hand disinfection, and wear masks when entering the Company’s factories.
6. Environmental Management • Transparent plastic partitions are installed in employee canteens, with checkerboard seating required. Otherwise, employees may have meals in their own seats. • Disinfection of public areas (e.g. elevators, staircase handrails, meeting rooms, restaurants and dressing rooms) and units (e.g. personal desks, keyboards, mice, cell phones, file cabinets, labs, etc.). • Indoor air is circulated and air conditioning is used when needed.
7. Administrative Management • Reduce the gathering of personnel by using online video, LINE group chats or telephone conferences. • Avoid or prohibit assigned personnel from traveling to high-infection areas. • Post health and epidemic prevention information on bulletin boards, LINE groups, and washrooms. • Implemented triage, off-site or home office. • QR Code real-name registration is installed on all floors, meeting rooms, and entrances to all departments. • In accordance with the regulations of the FSC, shareholders' meetings are postponed and the number of participants is relaxed to less than 20. • Epidemic prevention scenario simulation drills.