Products Search
Close
Corporate Governance

Information Security Management

ABC-AETC has established an effective cybersecurity defense network as part of its vision for information security. Safeguarding customer privacy and confidential information has been a cornerstone of our solid customer relationships over the years, therefore the Group is committed to safeguarding customer information security as one of its top priorities in information security management. We aim to build long-lasting trust with our customers while ensuring the protection of our company's confidential documents to prevent information leaks. In November 2022, ABC-AETC established a Information Security Office to maintain the integrity of the company's confidential information and ensure the security of customer and personal data privacy. Through the implementation of firewalls, we have enhanced the company's network defense capabilities. The following control measures are undertaken to prevent server room interruptions, leakage of confidential information, and hacker intrusions.
  1. Data access control
    To protect the company's information system and data security, appropriate management measures are established for security control, personnel access control, and environmental maintenance (such as temperature and humidity control) in server rooms and key areas.
  2. Anti-virus software management
    ● Anti-virus software is installed on all internal computers and server hosts, and is set to automatically update and download anti-virus software to maintain company data and property.
    ● All important or confidential files are set up with access rights and data encryption measures to prevent document leakage and hacker intrusion. Access rights and record retention measures are planned to be implemented for external storage devices or USB storage devices to ensure appropriate control and management.
  3. Backup Management
    Daily off-site backups are performed, and there are plans to gradually establish more comprehensive off-site backups and redundancy measures for key data. In 2022, the email and junk email backup systems were completed. The email backup system includes backup of email correspondence on LINUX-based mail servers, covering both internal and external communications, to preserve the email correspondence records. The junk email system is designed to isolate network attack emails or scam emails. Both of these systems will undergo annual software renewals and updates to ensure their effectiveness.
  4. Software and hardware maintenance
    Software and hardware maintenance is outsourced as needed, and employees are prohibited from installing or removing any software and hardware, and will be held responsible for any damage or loss.
  5. Internal information security disaster drills
    To ensure the safety of information operation system, equipment, network and data, the Company conducts systemized disaster drills every six months, mainly to test the recovery of the host system. The Company has also established a disaster recovery contingency procedure, with the general manager as the convener and the head of the IT Department and Department colleagues as the team members, to respond to the notification and contingency handling of major incidents to ensure that the Company's servers can resume normal operations within the shortest possible time in the event of a disaster. In 2022, the systemized disaster drill rate was 100%, and no information security incidents occurred. In addition, in order to raise the awareness of information security among employees, the Company has implemented the following measures through information security management and security awareness training for personnel:
    ●Personnel information security management
        ◇All employees shall sign a confidentiality contract and shall not disclose internal confidential information to the outside world.
        ◇In the event of the departure or transfer of personnel related to security work, the supervisor in charge shall undertake appropriate arrangements for handling procedures to prevent unnecessary security deficiencies.
    ●Information security awareness training
       ◇If a major information security incident occurs inside or outside the Company, the IT supervisor will announce it promptly to Company employees to raise their awareness of information security risks.
       ◇If a major information security incident occurs inside or outside the Company, the IT supervisor will announce it promptly to Company employees to raise their awareness of information security risks.
       ◇When employees violate information and communication security, disciplinary measures shall be imposed to strengthen their sense of accountability for information security.
       ◇The Company incorporates information security requirements into employee manuals and enhances training for IT personnel to enhance information security management capabilities.
  6. Information Security Enhancement Planning
    The IT department will periodically send email notifications regarding recent and frequent information security events, along with relevant news content, to enhance employee information security awareness.
ABC Taiwan Electronics Corp