ISO 27001 Information Security Policy Statement

To ensure the effective operation, supervision, management, and continual improvement of the Company's Information Security Management System (ISMS), and to safeguard the confidentiality, integrity, and availability of core information systems, this Information Security Management Policy is hereby established.

​

This policy aims to provide clear guiding principles for the daily operations of all personnel. Maintaining information security is a shared obligation of all colleagues. We are dedicated to ensuring the secure operation of personnel, data, systems, equipment, and networks. All colleagues are required to possess a deep understanding of these principles and to strictly execute and maintain them to achieve the goal of continuous information operations.

​

Core Vision: "Uninterrupted Energy, Uncompromising Security"

​

1. Implement Information Security and Strengthen Service Quality All colleagues shall thoroughly execute ISMS regulations and adopt appropriate protective measures for business data to ensure its confidentiality, integrity, and availability. We are committed to reducing the risks of leakage, destruction, or loss caused by external threats or improper internal management. Through continuous monitoring, reviews, and audits, we aim to control risks within an acceptable range, thereby strengthening service quality and elevating the overall service level.

​

2. Strengthen Security Training and Ensure Business Continuity We shall implement comprehensive information security management and conduct regular information security educational training to establish a corporate culture where "Information Security is Everyone's Responsibility." This aims to deeply root security awareness in colleagues and ensure strict adherence to operational regulations, thereby enhancing information security defense competencies and emergency response capabilities, effectively reducing risks, and achieving the goal of uninterrupted operations.

​

3. Execute Emergency Response and Rapid Disaster Recovery Comprehensive emergency response and disaster recovery plans shall be formulated for critical information assets and key business operations, with drills performed regularly. This ensures that in the event of information system failure or a major disaster, recovery mechanisms can be rapidly activated to maintain critical business operations and minimize damage.