Information Security Risk Management

The board of directors has approved to establish a security supervisor and a security officer on May 4, 2023. The company's information security system is responsible for the information security technology control to ensure the operation of the company's information security management system, identify the information security management system within the information security management system, external issues, and related groups of information security requirements and expectations, implement information security protection related work, security incident response handling, and post-security incident recovery capabilities to prevent security incidents and reduce the loss of security incidents.
 

Information and Communication Security Policy

We ensure the confidentiality, integrity, availability, and lawfulness of information assets, avoid deliberate or accidental threats, evaluate our business needs, continue to implement IT management tools, and continuously strengthen information security management mechanisms to continuously operate information security management and privacy protection mechanisms.
 

Information and communication security specific management plan and resources

  1. Information security management mechanism:

The audit department of the company implements information security management mechanism to establish, implement, maintain, and improve the information security management system in the circular mode of PDCA.

  1. Information Security Technology Control

Prevent hackers from hacking and stealing company sensitive data by building information security monitoring systems. Establish a complete information system security network, including computer rooms, network equipment, network connection, and management of personal information equipment (e.g., desktop, laptop, tablet, smartphone, etc.) to protect personal data, company confidential data, and customer and supplier data.

PTC has recently applied to become a member of the Taiwan Computer Network Crisis Management and Coordination Center (TWCERT/CC), which is expected to be approved in January 2024. The center can provide information security incident consultation and coordination services to obtain information security in advance, early warning information, understanding of information security threats and vulnerabilities, and reporting of information security incidents jointly enhance Taiwan's overall information security joint defense capabilities and effectively improve the company's own protection capabilities.

  1. Information Security Training

To enhance the awareness and awareness of our employees on information security:

  1. Information security awareness: In order to raise employee awareness of information security, timely announcement and promotion of information security-related information through various channels and conferences.
     
  2. Information Security Training:
    • New employees sign the Professional Ethics Service Agreement and receive training on information security on the day of registration to understand the company's information security policy and requirements.
    • In addition to the education and training held by the company, the unit's information personnel participated in external training events or seminars (including online) to attract information security mechanisms and the latest types of information security attacks to strengthen information security protection.
    • To enhance employee security awareness through irregular drills.
       

Losses, possible impacts, and countermeasures arising from major information security incidents

In the latest year, and as of the publication of the Annual Report, there is no financial compensation or loss related to the operation due to the major events of the information security incident.

Committed to protecting the security and privacy of information assets related to internal and external operations, focusing on the defense of security threats from internal and external, and continue to follow up with relevant threat intelligence at home and abroad, and managing security operations and monitoring in a timely manner, to reduce the operational impact caused by security threats and implement the operational impact of enterprises The responsibility of safety to achieve sustainable development of the enterprise.