Risk Management

Information Security Management

Advanced Power has comprehensively introduced an information security management mechanism to ensure the confidentiality, accuracy and availability of information processing, as well as the security of information-related systems, equipment and networks. Regularly implement internal information security drills and education and training to enhance employees' awareness and vigilance of information security. Ensure customer and product information security.

 

 一、Information Security Policy

    In order to enable the smooth operation of the company's business, prevent information or information systems from unauthorized access, use, control, leakage, destruction, tampering, destruction or other infringements, and ensure its confidentiality, integrity and availability, it is specially formulated This policy is as follows for all employees to follow:

  1. An information security risk management mechanism should be established to regularly review the effectiveness of information security risk management in response to changes in internal and external information security situations.
  2. The confidentiality and integrity of sensitive information and information system information shall be protected to prevent unauthorized access and tampering.
  3. The resilience of the core information system should be strengthened to ensure the continuous operation of the company's business.
  4. In response to changes in information security threats, employees of the company should participate in information security education and training to increase awareness of information security.
  5. It should be confirmed that relevant personnel are familiar with the notification mechanism of information security incidents and can effectively complete the notification operation.
  6. Cooperate with audit activities and continuously improve information security management.

 

 二、Information Security Organizational Structure

The responsible unit for information security risk management of the company is the Information Department, and the manager of the Information Department serves as the information security supervisor. Formulate the company's information security policy, planning and implementation of information security operations and promotion and implementation of information security policies.

The information security management report was reported to the board of directors on May 2, 2011.


 

三、Information Security Maintenance Policy

 

Information Security Measures and Implementation Results

一、Information security management and audit mechanism

In order to protect the company's data and check the effectiveness of the information security system, internal and external third-party audits are carried out every year.

Measure Target 2020 Results 2021 Results 2022 Results
Internal and external audit Missing < 3 0 0 0

 

二、Strengthen employee information security awareness


In order to implement the concept of information security to every employee, the company provides online education and training, and through quarterly social engineering drills, simulates hacker phishing emails, detects employees' information security risk awareness, supplemented by information security publicity and education and training, to improve Colleagues' awareness and vigilance of information security to reduce the risk of information security and the impact on the company's operations.

Measure Target 2023 results
Perform social engineering drills quarterly Social Feature Walkthrough Letters, Employee Clicks < 10% H1 : 4.2%

 


 

三、Network and system vulnerability detection


In order to protect company and personal information, as well as internal and external communication systems to avoid losses caused by human factors such as leakage, theft, destruction, or natural disasters, in addition to monthly internal vulnerability scanning, a third-party professional unit is regularly entrusted to conduct network inspections every year And system penetration testing to reduce the impact of human factors or natural factors on the company's operations.

 

 

四、Information Security Alert Notification and Incident Management

From 2020 to 2022, there will be no major information security incidents, and there will be no cases where confidential information leaks will affect the personal information of customers and employees, or they will be fined.

Measure Target 2020 Results 2021 Results 2022 Results
Information security incident notification Number of notifications < 1 0 0 0

 

The Implementation of Intellectual Property Rights Management

In order to enhance the competitive capabilities and increase profits to reduce infringement risk, the Company through the intellectual property rights management by integrating the Company’s R&D and business development to stabilize the Company profits.

Plan For Managing Intellectual Property (IP) Rights

Protection for Intellectual Property (IP) Rights

 

 

Reported to the board of directors on Oct 29, 2024.

Patent applications and patent portfolio:

 

Patent Portfolio and Patent Distributions