Operational Governance

Intellectual Property & ISMS

Intellectual Property Management 
Management Measures
Based on the Company's Corporate Governance Best Practice Principles, the Board of Directors is the highest supervisory authority to manage intellectual property.
Each year, the corporate governance team compiles the status of intellectual property management for the current year and reports it to the Board of Directors. The intellectual property management plan mainly focuses on "Corporate Trademark Management" and "Copyright and Trade Secrets Management". Together with "Information Security Management", it secures the protection of intellectual property rights and the prevention of their infringement.
The results of intellectual property management in 2022 were reported to the Audit Committee and the Board of Directors on November 4, 2022.
Trademark Management
The Legal Affairs Office coordinates and plans trademark management, with regular yearly reviews and evaluations. Management is outsourced to Direction International Patent Trademark and Law Office (Direction Office) for assistance. Through monitoring and control by the Direction Office, preventive measures are adopted against possible infringement incidents affecting the Company. Each year, the Direction Office provides a trademark annual report to the Company, enabling the Company to keep track of its trademarks. Every business unit appoints one person to manage its trademarks, for uniform custody and maintenance of the unit's trademark use information. As of the end of 2022, the Company holds a total of 721 trademarks in Taiwan, 256 trademarks overseas, and 5 patents.

Copyright and Trade Secrets Management
Aside from the labor contract between the Company and the employee, there is a confidentiality contract that regulates related compliance matters such as the ownership of intellectual property rights and confidentiality during the period after resignation. In response to the digitalization of information and to implement information security control, the Company has established various charters for electronic documents and equipment. There are regulations on the storage and maintenance of company information, strict processes for software installation, and regular reviews by the IT Department of employee permission settings and information equipment security. This lowers the possibility of leaks of trade secrets or confidential information. In addition, the Company passed the ISO 27001:2013 Information Security Management system certification, ensuring the effectiveness of information security management.
On door access control, we have established the "Rules for Managing the Entry and Exit of the Factory". Entry to and exit from the factory follows a real-name registration method for anyone who is not personnel of the Company. Additional door access control has been set up for office units such as R&D and manufacturing. Persons other than those who have been approved by the managerial officer or are led by an employee must not enter or exit the offices by themselves.

Enhance Awareness on Protecting Intellectual Property Rights
To enhance employee awareness of intellectual property rights, lower the risk of infringement, and strengthen the Company's intellectual property protection, the Legal Affairs Office organizes at least one educational training each year to improve employees' understanding of intellectual property rights.
We conducted the "Introduction to Intellectual Property Rights" training course in October 2022 through the e-learning platform for employees at or above the section leader level in the Company and its domestic subsidiaries, as well as legal compliance officers and intellectual property rights officers of each business unit, to strengthen employees' understanding of intellectual property rights. The total number of participants was 588, with a training rate of 93%.
Information Security Management / ISO 27001:2013 ISMS 
The Wang-Tien Factory Area of the Company has established an Information Security Management System (ISMS) that complies with international standards and has obtained the ISO 27001:2013 Information Security Management System certification. It passed the SGS Taiwan Ltd. third-party verification and audit for the re-issuance of the certificate in December 2022. The scope of certification is “to provide MIS information system and application system development and maintenance, as well as information processing operations related to IT server room”. The validity period is through October 31, 2025.

The Company has established a “Statement of Cyber Security Policy”. The Head of Management Division serves as the Chief Information Security Officer and forms the Information Security Management Committee to coordinate and develop annual information security plans, policies, objectives, processes, and resources. The Committee convenes a management review meeting yearly and an information security meeting quarterly to review the performance of each quarter.
In accordance with the “Regulations Governing Establishment of Internal Control Systems by Public Companies”, we have appointed one dedicated information security executive and one dedicated information security staff member, and have applied for membership in the Taiwan Computer Emergency Response Team / Coordination Center to keep abreast of important information on information security and to facilitate the development of relevant countermeasures.
In the meantime, we review and correct deficiencies through regular audits by an impartial third party.

In the face of internal and external information security risks and threats, the Company ensures the confidentiality, integrity, and availability of information based on the PDCA management cycle. It continues to review and improve the execution results of the information security system and implements various information security protection measures, strengthening the protection of customer information and sensitive operational data. The implementation status is reported to the Board of Directors every year. The results of information security management in 2022 were reported to the Audit Committee and the Board of Directors on November 4, 2022.
During 2022, and up to now, the Company has not found any major information security incidents that have had or may have a materially negative impact on the Company’s business or operation.
Countermeasures of various information security risks adopted by the Company in 2022:

Upgrade equipment protection

  • We upgraded the mail system to enhance the spam and problem mail filtering functions.
  • We replaced the offsite backup server to enhance the security and accessibility of data. We shortened the recovery time from a disaster.

Strengthen information backup

  • We conduct an annual vulnerability assessment of service servers and network equipment, and with the assistance of third-party security providers, we identify vulnerabilities to repair and safeguard against.
  • We simulate a disaster scenario twice a year for recovery drills to strengthen the personnel’s effective implementation of SOPs when facing various disaster events and shorten the impact time of the event.
  • Semi-annual recovery drills are conducted for the company's core data to ensure the availability and completeness of the backup data.

Upgrade information security awareness

  • 4 information security courses were held for a total of 1 hour to raise employees' awareness of information security, with a total of 758 participants and a training rate over 85%.

Strengthen the management of privileged accounts

  • The endpoint protection software is available to all group companies and all Sinon Supply Centers across Taiwan to regularly review online users' behavior.