Information Security Risk Management Framework
Innocare Optoelectronics Corp. has established an information management organization, which is responsible for coordinating the formulation and execution of information security policies, risk management, and compliance audits. The top executive of the corporate information management organization will report the results of information security implementation to the board of directors annually. In addition, the company’s information security officer (ISO) is responsible for coordinating and implementing the company’s information security policies, promoting information security messages, and enhancing employee awareness of information security. The ISO will report information security achievements to the top executive of the corporate information management organization, the general manager and board chairman, and will assess the effectiveness of the company’s internal control over information operations. To safeguard the confidentiality, integrity, and availability of information, the company has established a “proactive information security detection and defense” architecture, aimed at reducing the risk of unauthorized use, destruction, or leakage of information.
1. Information Security Governance (ISG)
We establish information management procedures and operating documents, implement information security policy management and information security compliance controls, and continue to conduct operational contingency exercises to protect the security of the important systems and data of Innocare Optoelectronics Corp.
2. Promotion of Information Security Awareness
We promote National Cyber Security Awareness Month activities and conduct regular cybersecurity education and training, in order to enhance employees’ awareness of information security.
3. Information and Communication Security Risk Management and Response Measures
Our company has established regulations for the operation of information software systems and for information security disaster recovery processes. These regulations are aimed at controlling the information assets of our company’s information service systems, including computer hosts, database systems, application software systems, personal computers, operational information, and personal privacy information. We have established principles in line with information security management systems (ISMS) to ensure the confidentiality, integrity, and availability of information and to promote the enhancement of information security management. We are committed to establishing a secure and trustworthy electronic information operation environment, so that in the event of an information security incident affecting our company’s information systems and operational data, we can quickly report it, implement the relevant emergency response mechanisms, and restore normal operations in the shortest possible time to ensure the sustainable operation of our company’s business.
Our company has strengthened its management and defense framework for information and communication security as follows:
Item | Description of content |
Information and Communication Security Defense Structure | |
Information Security Governance and Promotion | |
Enhancing Information and Communication Security Management Mechanisms | |