In response to personal information protection and information security needs, Tatung established the Information Security
and the Personal Information Protection Committee as early as 2014, passed the ISO 27001 information security management
system verification, and ensured the security of the company's personnel, data, information systems, equipment and
network in accordance with the requirements of the BS 10012 personal data protection standard. To ensure the safety of the
company's personnel, data, information systems, equipment and network, establishing an information security policy as the
highest guiding principle of the company's information security management system, achieving the goal of "uninterrupted
service, no loss of information, personal information not leaked, and enterprise sustainable operation"
The implementation of the information security management system should be based on the PDCA process model, with a cyclical and gradual spirit to ensure the effectiveness and continuity of information business operations. The actual implementation method is based on precautions and risk reduction as the prerequisite. Through monthly information security meetings and emergency meetings, review and countermeasures for new internal and external information security issues are reviewed and implemented in the annual plan. During the event, an information security and personal asset management review meeting hosted by the general manager is held in October each year to report on the implementation results this year and the information security budget plan for next year. The annual event includes an external audit consultant audit in the second half of the year.Twice outsourced consultants and pre-external audit counseling, and an annual internal audit review by the Audit Committee to determine the implementation status of the information security management system and whether the confidentiality, integrity, and availability of various services have been achieved Information security goals set by compliance.