Information Security Risk Management Framework

Innocare Optoelectronics Corp. has established an information management organization, which is responsible for coordinating the formulation and execution of information security policies, risk management, and compliance audits. The top executive of the corporate information management organization will report the results of information security implementation to the board of directors annually. In addition, the company’s information security officer (ISO) is responsible for coordinating and implementing the company’s information security policies, promoting information security messages, and enhancing employee awareness of information security. The ISO will report information security achievements to the top executive of the corporate information management organization, the general manager and board chairman, and will assess the effectiveness of the company’s internal control over information operations. To safeguard the confidentiality, integrity, and availability of information, the company has established a “proactive information security detection and defense” architecture, aimed at reducing the risk of unauthorized use, destruction, or leakage of information.

1. Information Security Governance (ISG)

We establish information management procedures and operational documents, implement information security policy management and information security compliance controls, and continue to conduct operational contingency exercises to protect the security of important systems and data of Innocare Optoelectronics Corp.

2. Promotion of Information Security Awareness

We promote National Cyber Security Awareness Month activities and conduct regular cybersecurity education and training, in order to enhance employees’ awareness of information security.

3. Information and Communication Security Risk Management and Response Measures

Our company has established regulations for information software operation systems and information security disaster recovery processes, which are aimed at controlling the information assets of our company’s information service systems, including computer hosts, database systems, application software systems, personal computers, operational information, and personal privacy information. We have established principles in line with information security management systems (ISMS) to ensure the confidentiality, integrity, and availability of information and to promote the enhancement of information security management. We are committed to establishing a secure and trustworthy electronic information operation environment, so that in the event of an information security incident affecting our company’s information systems and operational data, we can quickly report it, implement the relevant emergency response mechanisms, and restore normal operations in the shortest possible time to ensure the sustainable operation of our company’s business.

Our company has strengthened its management and defense framework for information and communication security as follows:

Item | Description of content
Information and Communication Security defense structure
  1. To prevent malicious traffic attacks by hackers, we have invested in constructing a DDoS defense architecture.
  2. To prevent ransomware from entering, we have installed endpoint protection software on important equipment in our server room to defend against unknown file program attacks.
  3. To prevent unknown types of phishing emails from infiltrating, we have optimized the spam email blocking mechanism and added anti-attack protection system equipment for mail gateways.
  4. The installation of various external connection firewalls has been completed.
  5. Hardware and software backup expansion: We have strengthened the backup system in the ServerFarm area to prevent the harm caused by ransomware.
Information Security Governance and Promotion
  1. Through the “Start-up Promotion Platform” and the “Online Learning Platform,” we educate employees and help them understand the concept of information security.
  2. By utilizing the “Email Source Verification Mechanism,” we can effectively reduce the risk of receiving phishing emails.
  3. We conduct National Cyber Security Awareness Month activities and run employee social engineering exercises to enhance employees’ email awareness and information security awareness.
Enhancing Information and Communication Security Management Mechanisms
  1. We have become a member of the Taiwan Computer Emergency Response Team Coordination Center (TWCERT) Information Security Alliance, through which we exchange information about information security with other members of the alliance.
  2. We subscribe to domestic and international information security organizations to obtain real-time information on hacker attacks.