Specific management plans and resources devoted to information security management

The Company focuses on information security control, and the specific measures adopted for information security protection are mainly based on five aspects of information security management:

01

Staff Management

At the time of employment, the Company signs a “contract of employment” with the employee, which stipulates that the intellectual property rights of all creations and inventions made by the employee during the employment period shall be vested in the Company. At the same time, the Company signs a detailed “confidentiality agreement” with the employee, which stipulates that the employee is responsible for maintaining the confidentiality of all business information, technology, processes, programs, procedures, designs or any other confidential information that the employee may use in the design, sale or operation of the Company, whether during or after the termination of the employment contract.


In case of contract violation, the Company may impose penalties in accordance with the work rules and, depending on the seriousness of the situation, may pursue criminal liability. The Company uses various meetings to educate employees from time to time on topics including the protection of business secrets, access control rules, and the principles for disclosing information to the outside world, so that employees can establish correct concepts and develop good working habits.


02

Device Control

Antivirus software must be installed on all of the Company’s computer equipment. The system verifies that a computer meets the specifications before granting network connection authorization. Unauthorized computer equipment is strictly prohibited from accessing the Company’s network, and the system automatically blocks any unauthorized equipment to prevent non-compliant devices from affecting the Company’s internal network and equipment.


03

Authority Management

To avoid theft and fraudulent use of accounts, Company employees are required to pass two-factor authentication (system account password + OTP one-time password) to access their personal computers. Each R&D project has strict permission control. Project members are required to submit a form to apply for access privileges. The information management staff will set the access privileges after the supervisor’s approval. Access privileges are reviewed once every six months to ensure the correctness of privilege management.


04

Data Management

The Company’s R&D-related data is stored on dedicated storage devices with high-availability redundancy, and project R&D data is controlled by privileges, allowing only authorized members to access it. The Company’s R&D data has a complete regular backup mechanism and is stored off-site to ensure recovery capability in the event of a disaster.


05

Export Management

When a product is delivered to the customer, an application must be completed. The system encrypts the data and uploads it directly to the dedicated space the Company provides for the customer to download, without any manual intervention. This dedicated space accepts connections only from the specific IP devices provided by the customer, and the connection opening time is limited to one month.

| Type | Item | Prevention Purpose | Information Security Management Resources Description |
| --- | --- | --- | --- |
| Staff Management | Information security advocacy | Prevention reduces the chance of getting a virus | Information security advocacy for new hires. Regularly share cases of major domestic and international information security abnormalities with employees. |
| Device Control | Antivirus software; Untrusted device blocking | Prevention of software virus | Information Security System Procurement and Implementation: The system determines that the computer meets the criteria before granting permission to connect to the network. If there is an unauthorized device accessing the system, the network will be blocked. |
| Authority Management | Two-factor authentication; Project authority control | Avoid account impersonation | Two-factor authentication system setup: To log in to a personal computer, all colleagues must pass two-factor authentication (system account password + OTP one-time password) to avoid theft and fraudulent use of the account. Internal R&D management system development: Each R&D project has strict permission control. Project members need to submit a form application and the information management staff will set the access permission after the approval by the supervisor. |
| Data Management | Professional storage equipment; Local redundancy architecture; Off-site data backup | Avoid data loss | Professional Storage Equipment Procurement: With the high availability of redundancy capabilities, project R&D data are controlled by permissions, and only authorized members are allowed to access it. Professional Backup Software Procurement: The company’s R&D data has a complete regular backup mechanism. Off-site storage to ensure resilience in the event of a disaster. |
| Export Management | Automated system rotation; Dedicated encryption space | Avoid data breach | Internal shipment management system development: When the product is delivered to the customer, an application form is required. After the approval of the relevant supervisor and sales contractor, the system will encrypt the data and upload it directly to the exclusive space provided by the Company for the customer to download without any manual intervention. Exclusive space allows only certain IP devices provided by customers to connect, and the connection opening time is limited to one month. |

Information Security Management Execution Overview

On August 3, 2023 the Board of Directors reported the following executive highlights for the year:

| Item | Execution Details | Execution Results |
| --- | --- | --- |
| Microsoft Operating System Upgrade | Win7 & Win2008 operating systems are no longer provided with security updates. To minimize the potential security risk, the upgrade was performed as follows: Win 7 to Win 10, upgrade completion rate 100%; Win 2008 to Win 2019, upgrade completion rate 100%. | Any high-risk vulnerabilities in the operating system can be patched immediately and there are currently no major cybersecurity incidents. |
| Server room UPS system battery replacement | The Eaton UPS system in the server room was relocated from the old office. During routine maintenance, it was discovered that the batteries had aged, resulting in an unstable power storage time. As a result, a planned replacement operation was carried out. | After replacing the old batteries, the power storage time was extended from 15 to 50 minutes. This ensures sufficient response time for critical server shutdown during unexpected power interruptions, to prevent data corruption. |
| Information Security Awareness Enhancement | To minimize the threat of phishing emails, the email rules have been adjusted. All emails from external sources have the “[External]” tag added to the subject line, and a “Reminder” is also added to the email text to remind colleagues to be more vigilant and exercise caution when clicking on links and attachments. | There are currently no major cybersecurity incidents. |
| Simulation Computing Spatial Data Management | To prevent the failure of RD simulation jobs due to insufficient storage space, the Company has not only initiated new storage space procurement operations based on business needs but has also established an automated scanning mechanism, which automatically generates a weekly space usage report so that RD colleagues can confirm and remove temporary simulation files and keep the frontline simulation space at a safe level. | The storage space has a real-time monitoring mechanism and regular space reviews are conducted. Currently, there have been no incidents of insufficient storage space. |