The Company is responsible for reviewing the information security governance policies of each unit and supervising the operation of information security management in order to enhance information security management. It is expected to construct a comprehensive information security protection mechanism and enhance the good information security awareness of colleagues through the management, planning, supervision, and promotion of professional information security units.
The Information Departmentis responsible for coordinating, managing, and supervising information security operations, which mainly cover the relevant information services provided by the department and the needs of other departments in the Company. We regularly conduct vulnerability scans, effectiveness checks of protective systems, and other related security testing tasks. We regularly assess information security risks and report to the information supervisor, as well as provide relevant security awareness and educational training courses. Through the operation of the Information Department and the implementation of security policies, we provide a secure and safe information security environment to ensure the information security of all company services.

Formosa Laboratories Protection of software and hardware equipment and data measures for information security

1. Computer Room : The physical servers and related equipment used for the Company's infrastructure information system platform are all housed in a computer room with access control. Only authorized personnel and administrators are allowed entry.
2. Hardware : The Company's servers, network equipment, and other hardware are designed with backup fault tolerance and clustering to ensure high availability of the system and hardware equipment.
3. Storage Equipment : The Company utilizes physical equipment for data storage and backup, complemented by designs such as disk arrays and redundancy, to improve data protection and availability.
4. Firewall : The Company has installed network security devices that can block different networks, preventing external unauthorized users from intentionally damaging, attacking, or tampering with the system and data to ensure their integrity.
5. Intrusion Detection and Defense System : The Company identifies attack behaviors and system vulnerabilities based on the built-in feature database, providing administrators with early warning, evidence collection, and recording, as well as proactive response.
6. All company computers must have antivirus software installed.
7. The computer system must have account and password control, and the password must be regularly updated.
8. The IT system is equipped with a UPS uninterruptible power supply system to prevent damage caused by power outages.
9. Employees working remotely need to connect to the Company through a VPN.
10. Performing system backups and offsite backups every day.
11. Regularly conducting disaster recovery drills.
12. Screen Protection Program : The Company has set up a system that automatically locks the workstation when the user leaves the seat or the computer is not in operation for a period of time. To unlock the computer, the user must enter their username and password, forcing them to establish a new access period for the control system.
13. It is recommended that all personal computers be turned off after work to save energy, reduce carbon emissions, and minimize the risk of unauthorized access.

▼Information security measures and key digital technology programs in 2024