Risk Management

Information Security Management Structure Implementation

To strengthen information security management for company transformation, Falcon established its Big Data and Cyber Security Division for information security policy development, planning, coordination, implementation of information security protection, information security risk assessment and management, comprehensive information security planning, and information security management solution development year by year.

The company's Information Security Audit and Decision-Making entity operates within the General Administration Department. It is responsible for reviewing and deciding upon matters related to information security management. Within this entity, there is an Information Security Department led by the Chief Information Security Officer (CISO), overseeing at least one information security supervisor and one or more dedicated information security personnel. They regularly review policies and objectives and plan, establish, and monitor compliance with information security regulations.

2. Information Security Policy

Objectives of information security: To maintain the confidentiality, completeness, and availability of business information including sensitive information at Walsin Lihwa, all the employees, internal and external information service users, and 3rd-party service contractors are expected to work steadfastly together to achieve the following objectives:

  • 1. Comply with relevant laws and regulations to protect company confidential information; prevent unauthorized access, tampering, damage, and/or improper disclosure.
  • 2. Protect company business information from unauthorized access or disclosure to ensure the correctness of every category of business information.
  • 3. Set up comprehensive business continuity planning and procedures for effective management of information security events to ensure such events are properly responded to, controlled, and processed, and conduct scenario drills on a regular basis to ensure ongoing operation of IT systems and information services in case of any information security events.
  • 4. Cautiously handle and protect personal information and intellectual property rights pursuant to relevant domestic and overseas requirements.
  • 5. Review the status of compliance with information security requirements to ensure effective information security management.
  • 6. Enhance employees’ awareness of information security and reduce the risks associated with how information is used through management review, risk appraisal, internal auditing, education and training, and information security drills.
  • 7. Require all the employees to strengthen compliance with the Information Security Policy as well as relevant regulations and SOPs.

3. Specific Program for Information Security Management

Develop information security plans for information security policy implementation year by year, bring in information security systems and workflow standards, and continue making information security technologies and relevant protection measures more complete.

The specific management program has 5 objectives: separation of intranet from extranet, multi-layered security defense, identification of security loopholes or other potential risks by log analysis and security inspection, smart security protection, and behavior analysis by log and big data analysis at the security operation center. These can be achieved step by step through 4 approaches: IT governance, data and equipment protection, network and system control, and boundary defense.

The specific management program includes:

  • 1. Implement adequate access authorization and protection based on the confidentiality levels of information assets to reduce exposure to risks.
  • 2. Continue bringing in advanced information solutions to enable effective system, host, and network behavior management and protection.
  • 3. Provide education and training on a regular basis to share new knowledge on information security and strengthen employees’ awareness of information security.
  • 4. Focus on important systems to conduct disaster backup drills on a regular basis to rapidly resume operation in case of any disasters.
  • 5. Evaluate and improve endpoint, server, and network equipment protection, and engage 3rd party professional services such as the information security inspection and diagnosis provided by the Industrial Development Bureau, Ministry of Economic Affairs.
  • 6. In the future, information security at Walsin Lihwa will focus on prevention of online leaks of R&D results and intellectual property rights, production line and equipment protection from hacker attacks, and capability development for rapid responsiveness to information security events to cope with the challenges from comprehensive digitalization brought in by Industry 4.0.
  • 7. The Company is committed to effective information security management, and a comprehensive information security management system is in place to ensure the confidentiality, integrity, and availability of all the company data and keep strengthening information security management by effective prevention, monitoring, and responsiveness throughout any information security event.