In order to strengthen the risk management of information security, the company has established information security unit to conduct risk management framework, formulated an information security policy, specific management plans, and invested resources in information security management. The details of police will be reviewed regularly.

Information security Risk Management Framework

Information Security Policy

1. The Purpose

This policy is specially formulated in order to strengthen the risk management of information security and ensure the security of data, systems, equipment and networks.

2. Information security goals

Ensure the correctness, availability, integrity and confidentiality of the company’s information security. Avoid the threat of internal and external information security incidents. In the event of an accident, it can also respond quickly and return to normal operation in the shortest time, reducing the damage caused by the accident.

3. Measurement of Information security

4.Audit and revision

This policy is implemented after approval by the general manager of the group-company, and the same as revision.

Information security specific management plan

NDB group considers that information security insurance is still a new type of insurance. The company’s current information security risk management plan can effectively protect information security. Therefore, after evaluation by the information security unit, it is not necessary to purchase information security insurance at this moment.
NDB group’s specific information security management plan is distinguished by the time point of the information security incident, which can be divided into pre-prevention, daily operation maintenance, and trouble shooting. The specific management plan is as follows:

Category

Description

Content

Information Collection

Join TWCERT/CC

Prevent External Invasion

Install firewall and antivirus software

Prevent data leakage

Account and authority management

Daily operation maintenance

Data backup and related inspection

Information Security Incident Handling

Establish relevant operational procedures and recovery plans

The company has invested resources in information security management since 2023

Major information security incidents in 2023

There was no major information security incidents, such as violation of information security and leakage of customer information in 2023. There was also no case of legal action or any penalty associated with violation or loss of customer data.

Information security Risk Assessment

In accordance with Regulation of “Information Security Management” The company promotes various information security policies and implements various information security operations, supervises colleagues to follow information security standards, conducting information security risk assessment, inspecting operation deficiencies, and continuously process improvement to ensure that Information is fully secured. In addition, the internal control system of effectiveness assessment and information operation evaluation have carried out regularly every year to ensure its effectiveness. As a consequence, there is none of information security risk has found.

In order to strengthen the risk management of information security, the company has established information security to conduct risk management framework, formulated an information security policy, specific management plans, and invested resources in information security management. The details of police will be reviewed regularly.

Information security Risk Management Framework

Information Security Policy

1. The Purpose

This policy is specially formulated in order to strengthen the risk management of information security and ensure the security of data, systems, equipment and networks.

 

2. Information security goals

Ensure the correctness, availability, integrity and confidentiality of the company’s information security. Avoid the threat of internal and external information security incidents. In the event of an accident, it can also respond quickly and return to normal operation in the shortest time, reducing the damage caused by the accident.

3. Measurement of Information security

4. Audit and revision

This policy is implemented after approval by the general manager of the group-company, and the same as revision.

Information security specific management plan

NDB group considers that information security insurance is still a new type of insurance. The company’s current information security risk management plan can effectively protect information security. Therefore, after evaluation by the information security unit, it is not necessary to purchase information security insurance at this moment.

NDB group’s specific information security management plan is distinguished by the time point of the information security incident, which can be divided into pre-prevention, daily operation maintenance, and trouble shooting. The specific management plan is as follows:

Category

Information Collection

Description

Join TWCERT/CC

Content

Category

Prevent External Invasion

Description

Install firewall and antivirus software

Content

Category

Prevent data leakage

Description

Account and authority management

Content

Category

Daily operation maintenance

Description

Data backup and related inspection

Content

Category

Information Security Incident Handling

Description

Establish relevant operational procedures and recovery plans

Content

The company has invested resources in information security management since 2023

Major information security incidents in 2023

There was no major information security incidents, such as violation of information security and leakage of customer information in 2023. There was also no case of legal action or any penalty associated with violation or loss of customer data.

Information security Risk Assessment

In accordance with Regulation of “Information Security Management” The company promotes various information security policies and implements various information security operations, supervises colleagues to follow information security standards, conducting information security risk assessment, inspecting operation deficiencies, and continuously process improvement to ensure that Information is fully secured. In addition, the internal control system of effectiveness assessment and information operation evaluation have carried out regularly every year to ensure its effectiveness. As a consequence, there is none of information security risk has found.

Scroll to Top