Information Security Management
Everlight Chemical recognizes information security as a crucial issue for sustainable corporate development. We established the “Information Security and Personal Data Management Committee” in 2016, and appointed a Chief Information Security Officer in 2023, responsible for guarding against external threats and internal management lapses.
▍Information Security Committee Organization
▍Specific Practices
In July 2019, the Information Security and Personal Data Management Committee decided to introduce external consultancy resources. In December of the same year, the “Information Security Management System Implementation and Verification Project” was launched; it successfully passed the ISO 27001 Information Security Management System certification in 2021.
- Regularly conduct vulnerability scanning, system updates, and social engineering attack drills to reduce hacker intrusions.
- Use firewalls to filter malicious websites and programs.
- Use email filtering software to filter out email viruses and spam.
- Update antivirus software to prevent infection from various viruses.
- Conduct audits on software and hardware suppliers and sign a “Non-disclosure Agreement” with outsourcing vendor personnel.
- Join the “Taiwan CERT/CSIRT Alliance” for sharing cybersecurity intelligence and coordinating responses to cybersecurity incidents.
- Strengthen network security awareness and training.
- Implement encryption systems for securing confidential documents to prevent data leakage.
- Regularly back up critical servers and sign contracts for backup services, along with annual disaster recovery drills.
- Regularly review privileged and general accounts to manage account control.
- Set up system development and testing environments to minimize human errors.
- External personnel must apply for access to internal network resources (WiFi).
- Collect system logs to prevent unauthorized system access.
- USB flash drives must be registered before they can be used on company computers.
▍Performance Outcomes in 2023
There were no information security incidents that affected the Company’s operations.
- The “Information Security and Personal Data Management Committee” regularly holds meetings, and the head of the IT department reports the results of information security implementation to the board of directors annually. The most recent report was made on November 9, 2023.
- The Company continued to maintain ISO 27001 information security management system certification in 2023.
▍Information Security and Personal Data Incident Reporting Process
In accordance with the operational principles for handling information security and personal data incidents, if a major information security incident occurs, the Company will promptly follow the established procedures to address the incident and minimize the impact.
1. Inform
2. Initial judgment of the problem
3. Problem analysis
4. Obstacle removal operations
5. Service recovery operations
6. Close the case