Corporate Sustainability
GOVERNANCE
Information Security Management
To strengthen information security resilience and management mechanisms in response to various cybersecurity threats and operational risks, the internal information management system adopts a PDCA (Plan-Do-Check-Act) cyclical management model. This model includes system establishment, implementation, risk assessment, and improvement measures to enhance CWE's information security framework. It ensures the confidentiality, integrity, and availability of the company's critical information assets while complying with relevant laws and regulations to maintain sustainable operations and key business functions.
With the approval of the Board of Directors, a "Cybersecurity Dedicated Unit" has been established. The cybersecurity officer and the cybersecurity personnel have been appointed in 2023. The unit is responsible for formulating, implementing, and managing policies related to CWTC's information security and trade secret protection. It conducts regular annual security assessments of information assets and adjusts information security policies as needed, based on updates to security tools or technologies, to ensure the effective operation of the information security management system. The IT department is responsible for executing cybersecurity advocacy and handling cybersecurity incidents.
※PDCA for Information Security Management
※Information Security Control Measures
CWE regularly reviews its information security processes to enhance and strengthen all information risk management. In 2023, there were no significant cyberattacks or events, nor were there any issues that have caused or could potentially cause a significant adverse impact on the company's operations. Furthermore, no major complaints were received regarding the infringement of customer privacy or the loss of customer data.
※Resources allocated to information security management
| Category | Execution Outcome |
|---|---|
| Continual operation and enhancement of information security system | Information security expenses amounted to NT$ 1,101 thousand in 2023, which included the replacement of core system firewall equipment and upgrades to the email platform. |
| Information security enhancement project | Adopt two-factor authentication (2FA), improve the strength of password principle and track login history (logon alerts for high-risk area) |
| Audits by key customers | Cooperate with the information security audits of key customers and propose improvement plans |
| Employee education and training | Promote information security regularly and conduct social engineering drills regularly |
| Regular checks on core system | Risk event alert and threat analysis of core system |
※Information Security Incident Reporting Process
A comprehensive information security incident reporting process has been established, allowing employees to report incidents through multiple channels. Once the Information Security Task Force receives a notification, a dedicated team is formed to handle the incident based on its category and severity.
