Information Security

Information security governance

With reference to the FSC’s “Information Security Control Guidelines”, AP Memory has formulated management measures such as “Information Security Management Measures”, “Computerized Information Processing Operation Cycle”, “Emergency Response Plan”, and “Information Security Risk Assessment Report”.

Considering the importance of information security to the semiconductor industry and remote office under the epidemic situation in the past two years, it is necessary to maintain internal operations through digital tools such as cloud and networking, thus strengthen the operation item of “Information Security Check Control”. Besides internal management, AP Memory also cooperates with external professional information security firm, cooperation projects include consulting, information security emergency handling, major information security incident information sharing, regular network audits and other projects, and implement network external audits in 2022 to reduce internal information security risk.

In 2022, AP Memory continues to strengthen the FTP server and website security , software installation control, intranet isolation and other projects for external services, so as to continue to improve the internal information security environment under the evolving information security risk events and to reduce possible information security impacts.

 

Information security governance structure

We have the Information Security Committee, which consists of two working groups, the “Information Security Technical Group” and the “Information Security Planning Group”, comprising of information technology professionals, operational departments/supervisors, auditors, and legal affairs, and is responsible for the planning and execution of information security management strategies.

 

Information security drills and education training

Penetration test

  Held annually, the commission invites information security vendor to try to hack into the company’s website to find out the weaknesses of the website and repair it.

Social engineering drills

  4 drills a year with 80 people each time, providing both traditional Chinese and simplified Chinese for different regions of the company.

Education and training

  Regular information security advocation, 2 sessions have been held in 2023. The Company conducts information security education and training regularly to improve the related concept company-wide. The Company also implements various IT measures to enhance enterprise information security.