Information Security Management
Information Security Management Strategy and Framework: Information Security Committee
High-Level Oversight for Cyber Resilience
To strengthen oversight of information security risks and enhance Board functions, Harvatek established the Information Security Committee on November 10, 2022. This was done in accordance with Article 27 of the "Corporate Governance Best Practice Principles for TWSE/TPEx Listed Companies." Through professional review mechanisms, the Committee protects corporate assets and ensures a robust security management system.
Committee Composition
4 Seats
All Independent Directors
Meets at least annually
Committee Responsibilities
🛡️
Management & Oversight:
Reviewing information security policies; formulating management frameworks and organizational functions; and periodically reviewing the development, establishment, and execution results of the company's overall security mechanisms.
📈
Business & Planning:
Reviewing information security management mechanisms for new business ventures and evaluating annual information security promotion plans.
🚨
Incident Response:
Reviewing and approving assessments of losses and subsequent response measures related to major information security incidents.
⚖️
Compliance & Reporting:
Reviewing matters required for Board reporting as specified by regulatory authorities, the Board of Directors, or various information security policies.
Information Security Management Framework
(II) Information Security Policy: Management Measures and Achievements
I. Continuous Improvement Mechanism (PDCA)
P - Plan
Manage information security risks; mitigate threats via systems, technology, and procedures; establish high-standard protection of confidential information.
D - Do
Implement innovative defense technologies and hardware/software maintenance to ensure asset confidentiality, integrity, and availability.
C - Check
Perform quantitative analysis of management effectiveness and evaluate security maturity through simulation drills.
A - Act
Execute quarterly drills and education programs to strengthen employee security awareness and prevent data leakage.
II. Implementation Framework
✔ Antivirus software installed on all servers and PCs with automated scanning and signature updates.
✔ Regular vulnerability scans and scheduled system patching to mitigate exploit and malware risks.
✔ Email security systems implemented to block spam, malicious attacks, viruses, and suspicious URLs.
✔ Firewalls and Intrusion Detection Systems (IDS) manage network traffic and monitor abnormal packets.
✔ Web browsing security monitoring scans for suspicious sites and viruses to prevent infections.
✔ Regular cybersecurity education and drills conducted to enhance employee awareness and IT management.