Operational Governance
Intellectual Property & ISMS
Intellectual Property Management
Management Measures
Based on the Company's Corporate Governance Best Practice Principles, the Board of Directors is the highest supervisory authority to manage intellectual property.
Each year, the corporate governance team will compile the intellectual property management execution situation for the current year and report to the Board of Directors. The intellectual property management plan mainly focuses on the "Corporate Trademark Management" and "Copyright and Trade Secrets Management". In concert with the "Information Security Management" secures the protection and prevention of infringement of the intellectual property rights.
The execution situation of intellectual property management in 2023 were reported to the Audit Committee and the Board of Directors on November 3, 2023.
Based on the Company's Corporate Governance Best Practice Principles, the Board of Directors is the highest supervisory authority to manage intellectual property.
Each year, the corporate governance team will compile the intellectual property management execution situation for the current year and report to the Board of Directors. The intellectual property management plan mainly focuses on the "Corporate Trademark Management" and "Copyright and Trade Secrets Management". In concert with the "Information Security Management" secures the protection and prevention of infringement of the intellectual property rights.
The execution situation of intellectual property management in 2023 were reported to the Audit Committee and the Board of Directors on November 3, 2023.
Trademark Management
- The Legal Affairs Office will coordinate and plan. There will be the regular yearly reviews and evaluations. Outsource to Direction International Patent Trademark and Law Office (Direction Office) to assist in the management. Through the monitoring and control by the Direction Office, adopt prevention measures on possible infringement incidents to the Company.
- Each year, the Direction Office will provide the trademark annual report to the company, enabling the company to be in grasp of its trademarks. Every business unit will appoint one personnel to manage its trademarks, for uniform custody and maintaining unit for trademark use information. As of the end of 2023, the Company holds a total of 732 trademarks in Taiwan, 189 trademarks overseas, and 5 patents.
Copyright and Trade Secrets Management
- Aside from the labor contract between the Company and the employee, there is the confidentiality contract which regulates related matters for compliance such as the ownership of intellectual property right and confidentiality during the period after resignation. In response to the digitalization of information and to implement information security control, established the various electronic documents and equipment charters. There are regulations on the storage and maintenance of the company information, strict processes for software installation, and regular review by the IT Department of the employee permission authorization set up and information equipment security. This is to lower possibilities of leaks for trade secrets or confidential information. In addition, the Company passed the ISO 27001:2013 Information Security Management system certification, ensuring the effectiveness of information security management.
- On door access control, we have established the "Rules for Managing the Entry and Exit of the Factory". The principle for the entry and exit of the factory adopts the real-name registration method for anyone who is not personnel of the Company. Additional door access control has been set up for the R&D, manufacturing and so on office units. Persons other than those who have been approved by the managerial officer or led by an employee must not enter or exit the offices by themselves.
Enhance Awareness on Protecting Intellectual Property Rights
- To enhance the employee awareness of intellectual property rights, lower the risks of infringement, strengthen the Company's intellectual property protection, the Legal Affairs Office has organized at least one educational training each year to enhance the employees' concept for intellectual property rights.
- In 2023, the “Fair Trading Act” awareness course was held for employees of the Company and domestic subsidiaries at or above the commissioner level. A total of 789 people received the training, with a completion rate of 99%.
Information Security Management / ISO 27001:2013 ISMS
The Company’s Wang-Tien Factory Area has implemented an Information Security Management System (ISMS) in accordance with international standards and obtained ISO 27001:2013 certification for information security management systems. In November 2023, it passed SGS Taiwan Ltd. renewal audit verification. The scope of verification covers “providing MIS information system and application system development and maintenance, as well as information processing operations related to information datacenters”. The validity period extends until October 31, 2025.
Head of General Management Division convenes an Information Security Management Committee to coordinate and develop annual information security plans, policies, objectives, processes, and resources. It convenes a management review meeting yearly and an information security meeting quarterly to review the performance of each quarter. We have set up one dedicated information security executive and personnel each and applied for membership in the Taiwan Computer Emergency Response Team / Coordination Center to keep abreast of important information on information security and to facilitate the development of relevant countermeasures. In the meantime, we review and strengthen deficiencies through regular audits by an impartial third party.
In the face of internal and external information security risks, the Company actively participates in various industry-government-academic conferences on information security-related topics, continuously learns and grasps the pulse of the information security industry, and adjusts the information security defense framework in a timely manner to ensure that risks can be controlled and reduced. Countermeasures of various information security risks adopted by the Company in 2023:
Head of General Management Division convenes an Information Security Management Committee to coordinate and develop annual information security plans, policies, objectives, processes, and resources. It convenes a management review meeting yearly and an information security meeting quarterly to review the performance of each quarter. We have set up one dedicated information security executive and personnel each and applied for membership in the Taiwan Computer Emergency Response Team / Coordination Center to keep abreast of important information on information security and to facilitate the development of relevant countermeasures. In the meantime, we review and strengthen deficiencies through regular audits by an impartial third party.
In the face of internal and external information security risks, the Company actively participates in various industry-government-academic conferences on information security-related topics, continuously learns and grasps the pulse of the information security industry, and adjusts the information security defense framework in a timely manner to ensure that risks can be controlled and reduced. Countermeasures of various information security risks adopted by the Company in 2023:
Upgrade Equipment Protection
- Replace the NAS server for data storage to improve security and availability.
- Upgrade the wireless network equipment in the plants, improve the wireless network speed and coverage, and enhance the availability and security of services.
- Replacement of environmental control system and surveillance system equipment in the IT room. Security-related data in the physical environment is visualized for real-time management.
Conduct Safety Tests Regularly
- The Company conducts annual vulnerability scanning detection on service hosts and network equipment. With the assistance of third-party information security vendors, vulnerabilities are identified for repair and protection.
- Each year, the Company conducts two information security disaster recovery drills according to the Business Continuity Management Procedures to simulate different scenarios and strengthen relevant personnel to effectively implement SOP in the face of information security incidents to shorten the time of impact.
- Conduct backup and restore tests on the Company's core data every six months and implement an off-site backup mechanism to ensure the backup data's availability and integrity
Raise Information Security Awareness
- Four information security courses with a total length of one hour were offered to strengthen employees' awareness of information security. A total of 787 people were trained, and the completion rate was over 99%.
- Implement social engineering drills to verify the implementation of the concepts learned by employees after participating in information security courses.
Strengthen the Management of Privileged Accounts
- Replacement of remote connection service software to strengthen the security of remote connection at all Sinon Supply Centers in Taiwan.