We use cookies to allow our website to function properly, personalize content and advertisements, provide social media features, and analyze traffic. We also share information about your use of our website with our social media, advertising, and analytics partners.
Information Security Management
Information Security Risk Management Framework:
The company established an Information Security Committee in 2019, responsible for the formulation of information security policies and the promotion of information security measures, and conducts regular reviews. The Information Security Committee is led by one information security officer, who is concurrently the highest-ranking supervisor of the IT department; the committee also has one information security personnel, who, in the event of any information security incident, collaborates with the responsible personnel from various relevant departments to handle the crisis.
The Information Security Committee reports to the board of directors annually, coordinating the establishment and maintenance of the information security management system.
The audit unit will also include information security checks in the annual audit plan and regularly present information security audit reports to the board of directors.
Information Security Policy
The company's information security policy outlines the norms, standards, and guidelines for information security management operations, including but not limited to the security management of electronic hardware, installation of operating systems and application software, email management controls, firewall settings, network usage authorization settings, wireless network usage regulations, antivirus software settings, access control for system program data, updates and maintenance of internal servers, and security monitoring of system development.
Specific Management Plan
(1) Electronic Hardware Equipment Security Management:
A. Main equipment such as servers is placed in a dedicated machine room, which is equipped with access control, allowing only authorized personnel to swipe their cards for entry and exit.
B. The company's computer equipment is installed with protective software, and the virus definitions are automatically updated to ensure effective detection of viruses and malicious software behavior.
(2) Control of Installation and Management of Operating Systems and Application Software:
A. The unit shall submit a permission application based on the required information functions, application systems, and program usage. After approval by the unit supervisor and the information unit supervisor according to their job responsibilities and the application form, the information personnel will set the usage permissions.
B. When personnel changes or resignations occur, the information unit shall promptly modify their accounts and access rights based on the change data to ensure information security.
(3) Internet Usage Authorization:
A. Set up firewalls for external network control, install endpoint protection and intrusion detection software to detect and block external intrusions and attacks.
B. Set up attack detection devices to regularly monitor abnormal behavior of internal network computers.
(4) System Security Monitoring:
A. The mainframe configuration in the machine room includes uninterruptible power supply and voltage stabilization equipment to prevent system damage caused by power outages or abnormal power supply.
B. Establish a remote backup system so that when the local data center loses function due to a disaster, the backup server and storage devices at the remote site can initiate the recovery plan.
C. Strengthen data backup and recovery mechanisms, regularly schedule backups to enhance the integrity and efficiency of system recovery.
Resource Management Information Security
(1) The Information Security Committee regularly inspects the internal information security management operations of the company, provides reports and recommendations to the management, and consolidates reports to the board of directors annually.
(2) The audit unit also regularly presents the information security audit report to the board of directors.
(3) Each employee signs the Employee Information Management Policy Agreement and completes information security education and training.
Current Status of Information Security Management Implementation
A. The information security management unit regularly reports to the board of directors:
November 1, 2022
August 3, 2023
October 30, 2024
December 10, 2025
B. Information Security Regular Review Meeting:
April 21, 2025
July 18, 114
C. Cybersecurity-related insurance is being planned.
Personal Data Protection Policy
To implement the protection and management of personal data, the company has established a "Personal Data Protection Policy" (please refer to https://www.ene.com.tw/en/chinese/csr/rule.php).
The scope of the Personal Data Protection Policy includes all personnel of the company (including full-time employees and contractors), business partners, customers, consultants, and recruitment candidates.
Status of Cybersecurity Promotion and Personal Information Protection Implementation
| Time | Promotion Methods | Target | Content | Person-time/Person-hour |
|---|---|---|---|---|
| 2025/12 | Online Course | All employees | Information Security and Personal Data Protection Promotion | 82/41 |
