XML 56 R41.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our cybersecurity risk management program aims to identify threats, to present and evaluate them transparently, to mitigate, and to manage them proactively. We have developed an Information Security Management System ("ISMS") in accordance with ISO (International Organization for Standardization) 27001 intended to protect the confidentiality, integrity, and availability of our critical systems and information.

We conduct assessments in the event of a material change in our business practices that may affect information systems, products, services, and our IT environment. These assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks.
In 2024, all APWC subsidiaries completed their information security risk assessments, including information classification, threat and vulnerability identification, and risk impact and likelihood analysis. Management representatives and members of APWC's ISMS Committee evaluated the results of these assessments and designed corresponding risk treatment plans based on risk levels and objectives.
APWC's ISMS Committee has established corresponding information security management objectives based on the risk assessment results. The committee also emphasizes enhancing professional information security training and raising awareness of information security protection among all employees as key development goals. This preventative measure seeks to address increasing cybersecurity threats and to implement the PDCA (Plan, Do, Check, Act) continuous improvement cycle to enhance APWC's information security governance capabilities.

Despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurance that we have not experienced an undetected cybersecurity incident. For more information about these risks, see “Item 3.D.: Risk Factors: Risks Related to Our Business: Information systems failure or cybersecurity breaches could have a material adverse effect on our business, financial condition, and results of operations."
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Our cybersecurity risk management program aims to identify threats, to present and evaluate them transparently, to mitigate, and to manage them proactively. We have developed an Information Security Management System ("ISMS") in accordance with ISO (International Organization for Standardization) 27001 intended to protect the confidentiality, integrity, and availability of our critical systems and information.

We conduct assessments in the event of a material change in our business practices that may affect information systems, products, services, and our IT environment. These assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks.
In 2024, all APWC subsidiaries completed their information security risk assessments, including information classification, threat and vulnerability identification, and risk impact and likelihood analysis. Management representatives and members of APWC's ISMS Committee evaluated the results of these assessments and designed corresponding risk treatment plans based on risk levels and objectives.
APWC's ISMS Committee has established corresponding information security management objectives based on the risk assessment results. The committee also emphasizes enhancing professional information security training and raising awareness of information security protection among all employees as key development goals. This preventative measure seeks to address increasing cybersecurity threats and to implement the PDCA (Plan, Do, Check, Act) continuous improvement cycle to enhance APWC's information security governance capabilities.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance

In 2024, APWC established the ISMS Committee (Information Security Management Committee), with APWC's CEO serving as the management representative responsible for promoting APWC's overall information security management objectives and providing leadership commitment. The ISMS Committee has designated the APWC Information Director as the Information Security Manager who is responsible for planning information security policies and processes and leading subsidiary members in implementing these policies. The ISMS Committee is comprised of members from all subsidiaries, including the senior management and managers responsible for implementing information security policies and procedures within their respective subsidiaries.

Members of the Audit Committee receive regular cybersecurity updates from management, which include existing and new cybersecurity risks, how management is addressing, managing and/or mitigating those risks, relevant cybersecurity and data privacy incidents, and the status of key information security initiatives.

If a cybersecurity incident occurs, our cybersecurity-related departments will promptly organize personnel for an internal assessment. If it is determined that the incident could potentially be a material cybersecurity event, the cybersecurity-related departments will promptly report the incident and assessment results to our CEO and CFO, and, to the extent appropriate, consult external legal counsel. Management would then prepare disclosure materials on the cybersecurity incident, which materials would require the review and approval of our Board before being disseminated to the public.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] In 2024, APWC established the ISMS Committee (Information Security Management Committee), with APWC's CEO serving as the management representative responsible for promoting APWC's overall information security management objectives and providing leadership commitment.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The ISMS Committee has designated the APWC Information Director as the Information Security Manager who is responsible for planning information security policies and processes and leading subsidiary members in implementing these policies. The ISMS Committee is comprised of members from all subsidiaries, including the senior management and managers responsible for implementing information security policies and procedures within their respective subsidiaries.
Members of the Audit Committee receive regular cybersecurity updates from management, which include existing and new cybersecurity risks, how management is addressing, managing and/or mitigating those risks, relevant cybersecurity and data privacy incidents, and the status of key information security initiatives.
Cybersecurity Risk Role of Management [Text Block] The ISMS Committee has designated the APWC Information Director as the Information Security Manager who is responsible for planning information security policies and processes and leading subsidiary members in implementing these policies. The ISMS Committee is comprised of members from all subsidiaries, including the senior management and managers responsible for implementing information security policies and procedures within their respective subsidiaries.
Members of the Audit Committee receive regular cybersecurity updates from management, which include existing and new cybersecurity risks, how management is addressing, managing and/or mitigating those risks, relevant cybersecurity and data privacy incidents, and the status of key information security initiatives.

If a cybersecurity incident occurs, our cybersecurity-related departments will promptly organize personnel for an internal assessment. If it is determined that the incident could potentially be a material cybersecurity event, the cybersecurity-related departments will promptly report the incident and assessment results to our CEO and CFO, and, to the extent appropriate, consult external legal counsel. Management would then prepare disclosure materials on the cybersecurity incident, which materials would require the review and approval of our Board before being disseminated to the public.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
In 2024, APWC established the ISMS Committee (Information Security Management Committee), with APWC's CEO serving as the management representative responsible for promoting APWC's overall information security management objectives and providing leadership commitment. The ISMS Committee has designated the APWC Information Director as the Information Security Manager who is responsible for planning information security policies and processes and leading subsidiary members in implementing these policies. The ISMS Committee is comprised of members from all subsidiaries, including the senior management and managers responsible for implementing information security policies and procedures within their respective subsidiaries.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Members of the Audit Committee receive regular cybersecurity updates from management, which include existing and new cybersecurity risks, how management is addressing, managing and/or mitigating those risks, relevant cybersecurity and data privacy incidents, and the status of key information security initiatives.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Members of the Audit Committee receive regular cybersecurity updates from management, which include existing and new cybersecurity risks, how management is addressing, managing and/or mitigating those risks, relevant cybersecurity and data privacy incidents, and the status of key information security initiatives.

If a cybersecurity incident occurs, our cybersecurity-related departments will promptly organize personnel for an internal assessment. If it is determined that the incident could potentially be a material cybersecurity event, the cybersecurity-related departments will promptly report the incident and assessment results to our CEO and CFO, and, to the extent appropriate, consult external legal counsel. Management would then prepare disclosure materials on the cybersecurity incident, which materials would require the review and approval of our Board before being disseminated to the public.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true