Corporate Sustainability

GOVERNANCE

Information Security Management

To enhance information security resilience and management mechanisms in response to operational risks posed by various cybersecurity threats, the internal information management system adopts a PDCA (Plan-Do-Check-Act) cyclical management model. This model strengthens the information security structure of CWE through system establishment, implementation, risk assessment, and continuous improvement. It ensures the confidentiality, integrity, and availability of the company's critical information assets, while complying with relevant laws and regulations to support the sustainable operation of business and key functions.

With approval from the Board of Directors, the company established a “Cybersecurity Dedicated Unit” in 2023. Mr. Eric Lin, head of the IT Division, was appointed as the Chief Information Security Officer, and dedicated personnel were assigned to manage information security operations. The unit is responsible for formulating, executing, and managing policies related to CWE’s information and communication security and trade secret protection. It conducts annual security assessments of information assets and updates security policies as necessary based on changes in tools or technology, ensuring the effective operation of the information security management system. Additionally, the IT Division is responsible for staff cybersecurity awareness training and incident response, aiming to strengthen overall information security awareness and jointly safeguard the company’s information environment.

Our company implemented the ISO 27001 Information Security Management System in 2025 and has obtained ISO 27001 certification, valid from November 6, 2025, to November 5, 2028. Through the implementation of ISO 27001, we have strengthened our capability to respond to information security incidents, safeguarded the assets of both the company and our customers, and enhanced our risk management and operational resilience. This further increases stakeholders’ trust in CWE’s information security.

ISO27001

※PDCA for Information Security Management

Information Security Control Measures

CWE regularly reviews its information security processes to enhance and strengthen all information risk management. In 2024, there were no significant cyberattacks or events, nor were there any issues that have caused or could potentially cause a significant adverse impact on the company's operations. Furthermore, no major complaints were received regarding the infringement of customer privacy or the loss of customer data.

※Resources allocated to information security management

Category | Execution Outcome
Continual operation and enhancement of information security system | Information security expenses amounted to NT$ 2,886 thousand in 2024, which included the replacement of core system firewall equipment and upgrades to the email platform.
Information security enhancement project | Adopt two-factor authentication (2FA), strengthen the password policy, and track login history (logon alerts for high-risk areas)
Audits by key customers | Cooperate with the information security audits of key customers and propose improvement plans
Employee education and training | Promote information security regularly and conduct social engineering drills regularly
Regular checks on core system | Risk event alerts and threat analysis for the core system

※Information Security Incident Reporting Process

A comprehensive information security incident reporting process has been established, allowing employees to report incidents through multiple channels. Once the Information Security Task Force receives a notification, a dedicated team is formed to handle the incident based on its category and severity.
