Objective :
To ensure the confidentiality, integrity, and availability of the Company’s information assets, and to comply with applicable regulatory requirements, so as to protect them from intentional or accidental internal and external threats.
Scope:
Taking into account the Company’s core information systems as well as the needs and expectations of relevant stakeholders, and with the objective of protecting the confidentiality, integrity, and availability of information assets, the Company prioritizes the inclusion of its core systems, IT server room operations and management activities, and the related office environment within the scope of information security management, demonstrating our sustainable development and management philosophy.
Objective
Maintain the confidentiality, integrity, and availability of information, and safeguard personal data privacy.
Protect business service information from unauthorized access or modification to ensure its accuracy and integrity.
Establish an information business continuity plan to ensure the continuous operation of business services.
Ensure that business services comply with applicable laws and regulatory requirements.
Responsibilities
Information Security Committee:
The decision-making body for information development and security management, responsible for planning, establishing, implementing, maintaining, reviewing, and continuously improving the Information Security Management System (ISMS).
Employees, Information System Users, and Outsourced Personnel:
Comply with information security management procedures and adhere to all relevant information security policies and regulations.
Review
Conduct a review at least once a year to reflect the latest developments in competent authorities’ requirements, laws and regulations, technology, organizational structure, and business operations, in order to ensure the effectiveness of information security practices.
Implement
This policy shall be implemented upon approval by the Information Security Committee. The same applies to any revisions.
ISO27001 Certification
The Company successfully obtained the ISO/IEC 27001:2013 certificate issued by (GIC) on November 7, 2023, and continues to maintain the certification in accordance with applicable requirements. The certificate is currently valid until November 6, 2026.
