Information Security Management Policy

 

 

Organization and Operation of Information Security Management

Simplo Technology has established an Information Security Committee responsible for implementing information security-related regulations. Simplo Technology holds monthly information security meetings to review the implementation status of information management plans and keep abreast of emerging information security issues. The information department regularly participates in internal corporate information security-related meetings to ensure the implementation of the information security management policy; the Audit Office serves as the auditing unit for overseeing information security, conducting annual information security audits on the electronic data processing cycle of the internal control system to assess the effectiveness of the Company's information operational control, and reports the results regularly to the Board of Directors.

Passed ISO 27001 Certification

In 2023, Simplo (Taiwan) introduced the Information Security Management System (ISMS) and obtained third-party ISO/IEC 27001 information security management system certification. The scope of certification includes information service infrastructure and information management operational processes. By introducing the information security management system, the Company not only enhances its information security protection, but also protects the interests of both the Company and its customers. We passed the third-party ISO 27001 review audit in 2024, continuously adhering to information security management regulations.
 

Information Security Training and Promotion

New employees of the Company receive basic information security education and training upon joining. In addition, the IT Department occasionally conducts information security awareness campaigns for current employees through the Company's internal portal or email. The awareness topics include information security policies, secure email usage regulations, internet usage safety regulations, remote secure operational procedures, and general information security (including trends in information security, social engineering awareness, and OA information security management).
 

Evaluation and Response Measures for Information Security Risk

• Simplo Technology has established Risk Evaluation Guidelines in response to information and communications security risks.
• Manage risks for critical information assets and core systems based on the level of impact from factors such as value, vulnerabilities, and threats.
• Establish a data backup mechanism: Formulate standard operating procedures such as backup and disaster recovery control methods, and conduct disaster recovery tests at irregular intervals every year to ensure the normal recovery of information systems and lower the risk of system interruption caused by unforeseen natural disasters or human errors.
   ✓ In 2024, there were zero major information security incidents leading to business damage.
• Deployment of technology-related information security functions: Including network firewalls, email security systems, antivirus systems, operating system updates, and system vulnerability scanning to control and reduce information security risks.
• Users' computer information security management
   ✓ Establish security policies for employees' email management, Internet usage management, computer system resources management, computer antivirus management, file access control, and remote access management to ensure the confidentiality, completeness, and availability of Company information.
   ✓ The control includes the following items: