XML 56 R40.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

To enhance information security, our company has collaborated with Deloitte Taiwan, a third-party consulting firm, for the fiscal year ended December 31, 2023 and 2024, to strengthen our risk management procedures. Currently, our company maintains the Risk Assessment Work Instructions, the Network and Communication Management Work Instructions, and the Emergency Response and Disaster Recovery Management Work Instructions. These guidelines enable the effective implementation of risk management and assessment strategies, network control measures, information security incident classification, and incident reporting procedures.

With the increasing frequency of cyberattacks, our company continues to implement strict preventive measures against network attacks. Our information technology (IT) department is led by a supervisor with more than 20 years of management experience. The department comprises professionals specializing in information security technology and software development. Security specialists within the department are responsible for implementing network security control measures, including firewall intrusion detection and prevention, internal and external network domain access control, regular antivirus software updates, physical management of information equipment, and periodic updates of IT hardware. These measures aim to ensure a secure R&D environment and mitigate operational risks.

For additional information regarding risks to the Company from cybersecurity threats. Please see “Item 3.D. Key Information — Risk Factors — Risks Related to Our Financial Condition and Business —System security risks, data protection breaches or unexpected system outages or failures could impact our business.”
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

To enhance information security, our company has collaborated with Deloitte Taiwan, a third-party consulting firm, for the fiscal year ended December 31, 2023 and 2024, to strengthen our risk management procedures. Currently, our company maintains the Risk Assessment Work Instructions, the Network and Communication Management Work Instructions, and the Emergency Response and Disaster Recovery Management Work Instructions. These guidelines enable the effective implementation of risk management and assessment strategies, network control measures, information security incident classification, and incident reporting procedures.

With the increasing frequency of cyberattacks, our company continues to implement strict preventive measures against network attacks. Our information technology (IT) department is led by a supervisor with more than 20 years of management experience. The department comprises professionals specializing in information security technology and software development. Security specialists within the department are responsible for implementing network security control measures, including firewall intrusion detection and prevention, internal and external network domain access control, regular antivirus software updates, physical management of information equipment, and periodic updates of IT hardware. These measures aim to ensure a secure R&D environment and mitigate operational risks.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our company has established an Information Security Committee, chaired by the Vice President of the Sales and Operations Center, with representatives from each department serving as committee members. The committee coordinates various information security control measures and management strategies. Under the committee, a task-oriented Emergency Response Team has been formed. When a suspected information security incident occurs, this team evaluates the severity of the incident. In case of significant cybersecurity incidents, the team will implement damage control and recovery procedures, followed by root-cause analysis, investigation, and improvement actions. Additionally, an Information Security Management Team composed of representatives from the IT department and each functional unit has been established to execute policy discussions, policy tracking, and related operational tasks.

Our company’s Information Security Committee reports annually to the Board of Directors regarding information security achievements. The report includes assessments of internal and external cybersecurity risks, investigation and handling of information security incidents, action plans for high-risk cybersecurity matters, and annual information security programs. Additionally, cybersecurity awareness training is conducted annually for Board members to enhance their expertise in cybersecurity governance.

In 2024, our company experienced no significant information security incidents. To further strengthen employees’ cybersecurity awareness, the company not only conducts cybersecurity awareness campaigns but also administers four cybersecurity assessments each year. All employees who participated in these assessments have successfully met the required standards, ensuring the effective implementation of our information security policies.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Board of Directors
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our company has established an Information Security Committee, chaired by the Vice President of the Sales and Operations Center, with representatives from each department serving as committee members. The committee coordinates various information security control measures and management strategies. Under the committee, a task-oriented Emergency Response Team has been formed. When a suspected information security incident occurs, this team evaluates the severity of the incident. In case of significant cybersecurity incidents, the team will implement damage control and recovery procedures, followed by root-cause analysis, investigation, and improvement actions. Additionally, an Information Security Management Team composed of representatives from the IT department and each functional unit has been established to execute policy discussions, policy tracking, and related operational tasks.
Cybersecurity Risk Role of Management [Text Block] The committee coordinates various information security control measures and management strategies. Under the committee, a task-oriented Emergency Response Team has been formed. When a suspected information security incident occurs, this team evaluates the severity of the incident. In case of significant cybersecurity incidents, the team will implement damage control and recovery procedures, followed by root-cause analysis, investigation, and improvement actions. Additionally, an Information Security Management Team composed of representatives from the IT department and each functional unit has been established to execute policy discussions, policy tracking, and related operational tasks.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Information Security Committee
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] To further strengthen employees’ cybersecurity awareness, the company not only conducts cybersecurity awareness campaigns but also administers four cybersecurity assessments each year. All employees who participated in these assessments have successfully met the required standards, ensuring the effective implementation of our information security policies
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Our company’s Information Security Committee reports annually to the Board of Directors regarding information security achievements. The report includes assessments of internal and external cybersecurity risks, investigation and handling of information security incidents, action plans for high-risk cybersecurity matters, and annual information security programs. Additionally, cybersecurity awareness training is conducted annually for Board members to enhance their expertise in cybersecurity governance.

In 2024, our company experienced no significant information security incidents. To further strengthen employees’ cybersecurity awareness, the company not only conducts cybersecurity awareness campaigns but also administers four cybersecurity assessments each year. All employees who participated in these assessments have successfully met the required standards, ensuring the effective implementation of our information security policies.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true