Information Security Policy
1. Purpose
Concord Technology Co., Ltd. (hereinafter referred to as "the Company") is committed to ensuring the security of its corporate information assets and protecting the rights and interests of customers and partners. This Information Security Policy is established to strengthen information security management, prevent various types of security incidents, and ensure the confidentiality, integrity, and availability of information. The Company adheres to relevant laws and regulations in Taiwan as well as international standards.
2. Scope
This policy applies to all information systems, network equipment, servers, applications, cloud services, and data processed by the Company. It covers, but is not limited to, the Company's employees, partners, customers, and visitors using the Company's website.
3. Information Security Management Principles
To maintain information security, the Company follows the principles below:
(1) Information Access and Permission Management
- Access is granted based on users’ responsibilities and needs, following the principle of Least Privilege, ensuring that employees and partners only access the necessary information.
- Access to critical information systems and data requires identity verification and authorization, with regular permission reviews.
(2) Data Protection and Confidentiality Management
- Customers' personal data and confidential business information are protected and must not be accessed, altered, or disclosed without authorization.
- Highly confidential information is encrypted to protect it during transmission and storage.
(3) System and Network Security
- The Company’s websites and information systems are equipped with firewalls and antivirus software to prevent malicious attacks and intrusions.
- Security patches for systems and applications are regularly updated to reduce the risk of vulnerabilities.
- Security logs and monitoring are used to detect abnormal activities in real time and implement responsive actions.
(4) Data Backup and Disaster Recovery
- Regular backup mechanisms are in place to ensure the quick recovery of critical data in the event of system failures, disasters, or cyberattacks.
(5) Security Education and Awareness
- Internal information security management guidelines are established, and all employees and partners are required to comply with these standards.
4. Handling of Information Security Incidents
- In the event of an information security incident (such as data breaches, system attacks, or malware infections), the Company will promptly assess the impact and take remedial actions.
- All incident handling procedures will be documented and analyzed to improve and strengthen future security protections.
5. Regulatory Compliance and Continuous Improvement
The Company is committed to complying with the ISO 27001 international information security standard and relevant Taiwanese regulations. We will regularly review and update this Information Security Policy to ensure that the information security management system can adapt to the latest threats and challenges.
This policy shall take effect from the date of publication and applies to all of the Company’s operations and services.