Information Security Management
Advanced Power has comprehensively introduced an information security management mechanism to ensure the confidentiality, accuracy and availability of information processing, as well as the security of information-related systems, equipment and networks. Regularly implement internal information security drills and education and training to enhance employees' awareness and vigilance of information security. Ensure customer and product information security.
一、Information Security Policy
In order to enable the smooth operation of the company's business, prevent information or information systems from unauthorized access, use, control, leakage, destruction, tampering, destruction or other infringements, and ensure its confidentiality, integrity and availability, it is specially formulated This policy is as follows for all employees to follow:
- An information security risk management mechanism should be established to regularly review the effectiveness of information security risk management in response to changes in internal and external information security situations.
- The confidentiality and integrity of sensitive information and information system information shall be protected to prevent unauthorized access and tampering.
- The resilience of the core information system should be strengthened to ensure the continuous operation of the company's business.
- In response to changes in information security threats, employees of the company should participate in information security education and training to increase awareness of information security.
- It should be confirmed that relevant personnel are familiar with the notification mechanism of information security incidents and can effectively complete the notification operation.
- Cooperate with audit activities and continuously improve information security management.
二、Information Security Organizational Structure
The responsible unit for information security risk management of the company is the Information Department, and the manager of the Information Department serves as the information security supervisor. Formulate the company's information security policy, planning and implementation of information security operations and promotion and implementation of information security policies.
The information security management report was reported to the board of directors on May 2, 2011.
三、Information Security Maintenance Policy
Information Security Measures and Implementation Results
一、Information security management and audit mechanism
In order to protect the company's data and check the effectiveness of the information security system, internal and external third-party audits are carried out every year.
| Measure | Target | 2022 Results | 2023 Results | 2024 Results |
| Internal and external audit | Missing < 3 | 0 | 0 | 0 |
二、Strengthen employee information security awareness
In order to implement the concept of information security to every employee, the company provides online education and training, and through quarterly social engineering drills, simulates hacker phishing emails, detects employees' information security risk awareness, supplemented by information security publicity and education and training, to improve Colleagues' awareness and vigilance of information security to reduce the risk of information security and the impact on the company's operations.
| Measure | Target | 2024 results |
| Perform social engineering drills quarterly | Social Feature Walkthrough Letters, Employee Clicks < 10% | 4.93% |
三、Network and system vulnerability detection
In order to protect company and personal information, as well as internal and external communication systems to avoid losses caused by human factors such as leakage, theft, destruction, or natural disasters, in addition to monthly internal vulnerability scanning, a third-party professional unit is regularly entrusted to conduct network inspections every year And system penetration testing to reduce the impact of human factors or natural factors on the company's operations.
四、Information Security Alert Notification and Incident Management
From 2022 to 2024, there will be no major information security incidents, and there will be no cases where confidential information leaks will affect the personal information of customers and employees, or they will be fined.
| Measure | Target | 2022 Results | 2023 Results | 2024 Results |
| Information security incident notification | Number of notifications < 1 | 0 | 0 | 0 |
The Implementation of Intellectual Property Rights Management
In order to enhance the competitive capabilities and increase profits to reduce infringement risk, the Company through the intellectual property rights management by integrating the Company’s R&D and business development to stabilize the Company profits.
Plan For Managing Intellectual Property (IP) Rights
Protection for Intellectual Property (IP) Rights
Reported to the board of directors on Oct 29, 2024.
Patent applications and patent portfolio:
Patent Portfolio and Patent Distributions:
Risk Management
On October 30, 2025, the Company’s Board of Directors approved and adopted the “Risk Management Policies and Procedures” to ensure that the Company and its subsidiaries fulfill corporate sustainability responsibilities. The policy requires adherence to the Company’s management system and internal control framework, and mandates effective management of risks that may arise during the course of operations.
The Company is committed to conducting risk evaluations through Board-level involvement and a systematic management approach to assess the potential impact of various risks on its operations. This framework aims to strengthen corporate governance, achieve sustainable business objectives, and safeguard the rights and interests of stakeholders.
Risk Management Organizational Structure and Responsibilities
| Board of Directors | The Board of Directors serves as the Company’s highest decision‑making body for risk management. It is responsible for approving the Company’s risk management policies and related regulations, overseeing the implementation of various risk management systems, and ensuring the effective operation of management mechanisms, thereby achieving the Company’s risk management objectives. |
| Audit Committee | Supervise the Risk Management Team |
| Risk Management Team | As the executing unit for the Company’s risk management policies, the Committee’s responsibilities include promoting the Company’s overall risk management operations, formulating risk management policies and related procedures, implementing the risk management policies approved by the Board of Directors, reviewing risk control–related matters, and supervising and coordinating the overall execution of risk management activities. |
| Internal Audit Office | In accordance with this Policy, its procedures, and the Company’s various risk management systems, the Internal Audit Office formulates the annual audit plan and conducts independent reviews of the effectiveness of risk management activities, providing recommendations for improvement where necessary. The audit results are periodically reported to the Board of Directors to help ensure that key operational risks are properly managed and that the internal control system operates effectively. |
The Company reported and submitted the establishment of the Risk Management Policies and Procedures to the Audit Committee and the Board of Directors on October 30, 2025.
The Company follows procedures covering risk identification, risk analysis, risk assessment, risk response and monitoring, as well as risk reporting and disclosure, to formulate improvement strategies and control plans, and to supervise the execution of daily risk management activities by each functional unit.
| Risk Categories | Scope definition | Responsible department |
| Strategic Risk | Changes in international geopolitical conditions or trade policies may affect APEC supply chain stability and overseas market deployment. | Operations Units, Sales Units, and Market Units |
| Operational Risk | External risks such as natural disasters, infectious diseases, and climate change may affect APEC operations and the stability of its supply chain. In addition, fluctuations in market demand and competitive pressures may impact Fuding’s operational performance. | Operations Unit |
| Financial Risk | Financial activities may incur losses due to market fluctuations or management errors, including factors such as exchange rate volatility. | Finance Unit |
| Information Risk | Deficiencies in the internal control system or internal management may result in threats to personal safety, asset losses, or impaired operational performance, including risks related to information security and intellectual property. | Information Unit |
| Compliance Risk | If operational activities fail to comply with applicable laws and regulations, or if external litigation results in damage to the Company’s reputation and financial losses, the Company may be adversely affected. | Legal Unit |
Risk Management Procedures
The Company adopts a four‑step approach to managing risks. Each unit identifies and analyzes potential risks based on its internal operational plans to safeguard the rights and interests of stakeholders. Preventive measures are formulated through regular operational planning meetings and internal meetings.
If a risk event occurs, in addition to handling it according to established preventive measures, the responsible unit must follow up on the root causes and impacts of the event, review the effectiveness and deficiencies of current preventive measures, propose improvement plans, and continuously enhance subsequent preventive and response actions.
Finally, the Risk Management Team monitors the overall effectiveness of the risk management process.
