Operational Governance
Intellectual Property & ISMS
Based on the Company's Corporate Governance Best Practice Principles, the Board of Directors is the highest supervisory authority to manage intellectual property.
Each year, the corporate governance team will compile the intellectual property management execution situation for the current year and report to the Board of Directors. The intellectual property management plan mainly focuses on the "Corporate Trademark Management" and "Copyright and Trade Secrets Management". In concert with the "Information Security Management" secures the protection and prevention of infringement of the intellectual property rights.
The execution situation of intellectual property management in 2024 were reported to the Audit Committee and the Board of Directors on November 8, 2024.
- The Legal Affairs Office will coordinate and plan. There will be the regular yearly reviews and evaluations. Outsource to Direction International Patent Trademark and Law Office (Direction Office) to assist in the management. Through the monitoring and control by the Direction Office, adopt prevention measures on possible infringement incidents to the Company.
- Each year, the Direction Office will provide the trademark annual report to the company, enabling the company to be in grasp of its trademarks. Every business unit will appoint one personnel to manage its trademarks, for uniform custody and maintaining unit for trademark use information. As of the end of 2023, the Company holds a total of 742 trademarks in Taiwan, 201 trademarks overseas, and 5 patents.
Copyright and Trade Secrets Management
- Aside from the labor contract between the Company and the employee, there is the confidentiality contract which regulates related matters for compliance such as the ownership of intellectual property right and confidentiality during the period after resignation. In response to the digitalization of information and to implement information security control, established the various electronic documents and equipment charters. There are regulations on the storage and maintenance of the company information, strict processes for software installation, and regular review by the IT Department of the employee permission authorization set up and information equipment security. This is to lower possibilities of leaks for trade secrets or confidential information. In addition, the Company passed the ISO 27001:2022 Information Security Management system certification, ensuring the effectiveness of information security management.
- On door access control, we have established the "Rules for Managing the Entry and Exit of the Factory". The principle for the entry and exit of the factory adopts the real-name registration method for anyone who is not personnel of the Company. Additional door access control has been set up for the R&D, manufacturing and so on office units. Persons other than those who have been approved by the managerial officer or led by an employee must not enter or exit the offices by themselves.
Enhance Awareness on Protecting Intellectual Property Rights
- To enhance the employee awareness of intellectual property rights, lower the risks of infringement, strengthen the Company's intellectual property protection, the Legal Affairs Office has organized at least one educational training each year to enhance the employees' concept for intellectual property rights.
- In 2024, the “Trade Secrets Act” awareness course was held for employees of the Company and domestic subsidiaries at or above the staff level. A total of 1,847 people received the training, with a completion rate of 99.9%.
The Company's Wang-Tien Factory Area has implemented an Information Security Management System (ISMS) in accordance with international standards and obtained ISO 27001:2022 certification for information security management systems. In December 2024, it passed SGS Taiwan Ltd. renewal audit verification. The scope of verification covers “providing MIS information system and application system development and maintenance, as well as information processing operations related to information data centers”. The validity period is from December 15, 2025, to December 16, 2026. Authentication message: please refer to www.sinon.com.tw
Head of General Management Division convenes an Information Security Management Committee, and we have set up one dedicated information security executive and personnel each to coordinate and develop annual information security plans, policies, objectives, processes, and resources. It convenes a management review meeting yearly and an information security meeting quarterly to review the performance of each quarter. The Company is a member of the Taiwan Computer Emergency Response Team/Coordination Center, enabling it to monitor critical cybersecurity information continuously, promptly adjust protection strategies, and strengthen its cybersecurity resilience. In the meantime, we review and strengthen deficiencies through regular audits by an impartial third party.
In the face of internal and external information security risks, the Company actively participates in various industry-government-academic conferences on information security-related topics, continuously learns and grasps the pulse of the information security industry and adjusts the information security framework in a timely manner to ensure that risks can be controlled and reduced. Countermeasures of various information security risks adopted by the Company in 2024. No information security incidents resulting in losses to the Company or its customers occurred in 2024:- Established an MDR (Managed Detection and Response) endpoint protection system.
- Established an N-Report log analysis system.
Disaster response and cybersecurity resilience
- Conducts annual cybersecurity vulnerability scans with the assistance of cybersecurity vendors to identify and reinforce weaknesses and loopholes in hosts and systems.
- Conducts two cybersecurity disaster recovery drills each year to simulate various disaster scenarios, using the outcomes to develop standard operating procedures (SOPs) that enhance disaster response capabilities.
- Performs backup recovery tests on critical operational data every six months and regularly reviews the availability and integrity of backup data.
Raise Information Security Awareness
- Four information security courses with a total length of one hour were offered to strengthen employees' awareness of information security. A total of 2,049 people were trained, and the completion rate was over 100%.
- Group employees also participate in social engineering drills to strengthen their awareness of social engineering defenses..
