Security Policy

ISO 27001 Compliant

Objective

To ensure the security of information, systems, equipment, and network communications, Intelligent Information Security Technology Co., Ltd. (hereinafter referred to as "the Company") aims to effectively mitigate risks of information asset theft, misuse, leakage, alteration, or destruction caused by human error, deliberate actions, or natural disasters. The Company establishes this Information Security Policy (hereinafter referred to as "the Policy") to build a robust information security management system. Matters not specified in the Policy shall adhere to relevant governmental information security regulations to achieve the confidentiality, integrity, and availability of information.

To ensure the security of information, systems, equipment, and network communications, Intelligent Information Security Technology Co., Ltd. (hereinafter referred to as "the Company") aims to effectively mitigate risks of information asset theft, misuse, leakage, alteration, or destruction caused by human error, deliberate actions, or natural disasters. The Company establishes this Information Security Policy (hereinafter referred to as "the Policy") to build a robust information security management system. Matters not specified in the Policy shall adhere to relevant governmental information security regulations to achieve the confidentiality, integrity, and availability of information.

Basis

The Policy is formulated in accordance with the following regulations:

  • ISO/IEC 27001:2022 (Information security, cybersecurity, and privacy protection — Information security management systems — Requirements).

  • Personal Data Protection Act.

  • Intellectual Property Rights Act.

The Policy is formulated in accordance with the following regulations:

  • ISO/IEC 27001:2022 (Information security, cybersecurity, and privacy protection — Information security management systems — Requirements).

  • Personal Data Protection Act.

  • Intellectual Property Rights Act.

Content

The Company establishes a comprehensive information security management system based on internal and external issues that may impact information security and the requirements of interested parties regarding information security.

  1. The Information Security Committee is responsible for establishing and promoting the information security system.

  2. Regular information security training and awareness programs are conducted to promote the Policy and related implementation regulations.

  3. A management mechanism for hardware and software resources is established to allocate and utilize resources effectively.

  4. New information systems must incorporate information security considerations during their development to prevent threats to system security.

  5. Physical and environmental security measures are established for computer server rooms, with periodic maintenance performed.

  6. Usage rights for information systems and network services are clearly defined to prevent unauthorized access.

  7. Internal audit plans for information security are implemented to regularly review the use of personal computers and the effectiveness of the information security system.

  8. A business continuity plan for information security is established and tested to ensure uninterrupted business operations.

  9. All personnel are responsible for maintaining information security and must comply with related information security management regulations.

The Information Security Policy shall be periodically reviewed to reflect changes in governmental information security management policies, laws, technologies, the needs and expectations of interested parties, internal and external issues, and the latest state of the Company’s business operations. This ensures the feasibility and effectiveness of the Company’s information security practices.

The Company establishes a comprehensive information security management system based on internal and external issues that may impact information security and the requirements of interested parties regarding information security.

  1. The Information Security Committee is responsible for establishing and promoting the information security system.

  2. Regular information security training and awareness programs are conducted to promote the Policy and related implementation regulations.

  3. A management mechanism for hardware and software resources is established to allocate and utilize resources effectively.

  4. New information systems must incorporate information security considerations during their development to prevent threats to system security.

  5. Physical and environmental security measures are established for computer server rooms, with periodic maintenance performed.

  6. Usage rights for information systems and network services are clearly defined to prevent unauthorized access.

  7. Internal audit plans for information security are implemented to regularly review the use of personal computers and the effectiveness of the information security system.

  8. A business continuity plan for information security is established and tested to ensure uninterrupted business operations.

  9. All personnel are responsible for maintaining information security and must comply with related information security management regulations.

The Information Security Policy shall be periodically reviewed to reflect changes in governmental information security management policies, laws, technologies, the needs and expectations of interested parties, internal and external issues, and the latest state of the Company’s business operations. This ensures the feasibility and effectiveness of the Company’s information security practices.

Amendments and Announcements

The Policy shall be reviewed annually by the Information Security Committee. Amendments may also be made as necessary in response to changes in organizational, operational, legal, or physical environments. The Policy takes effect upon approval by the Chairperson of the Information Security Committee, and the same procedure applies to amendments.

The Policy shall be reviewed annually by the Information Security Committee. Amendments may also be made as necessary in response to changes in organizational, operational, legal, or physical environments. The Policy takes effect upon approval by the Chairperson of the Information Security Committee, and the same procedure applies to amendments.

Intelligent Information Security Technology Incorporated

Rm. 104, No. 47, Yuanqu 2nd Rd., East

Dist., Hsinchu City 300 , Taiwan (R.O.C.)

© 2024 IIST Inc. All Rights Reserved.

Intelligent Information Security Technology Incorporated

Rm. 104, No. 47, Yuanqu 2nd Rd., East

Dist., Hsinchu City 300 , Taiwan (R.O.C.)

© 2024 IIST Inc. All Rights Reserved.

Intelligent Information Security Technology Incorporated

Rm. 104, No. 47, Yuanqu 2nd Rd., East

Dist., Hsinchu City 300 , Taiwan (R.O.C.)

© 2024 IIST Inc. All Rights Reserved.