Sustainable Governance

In 2010, Gemtek established a Information Security Committee to oversee and coordinate information security related matters. This includes the development of information security policies, as well as the promotion, audit, and enhancement of cybersecurity. The company has also adopted the ISO/IEC 27001 international standard for information security management. The purpose is to prevent any form of damage, theft, leakage, tampering, abuse, infringement, or other incidents when storing or transmitting confidential information. Gemtek strictly abides by customer contracts and confidentiality commitments. Based on the ISO/IEC 27001, the company has devised an "Information Security Policy" and "Information Security Handbook" to facilitate the management of relevant affairs and protect personally identifiable information. Although affiliated manufacturing plants have not yet implemented ISO/IEC 27001, their management practices all adhere to the information security standards and framework established by the Taiwan headquarters.

By implementing a comprehensive email filtering platform to guard against malicious attacks such as computer viruses, internet spamming, and phishing emails. The company also reiterates the importance of employees adopting a two-factor authentication mechanism, using both passwords and mobile phones to ensure account security. Additionally, the company has invested in high-performance virtual servers and storage, consolidating these resources to achieve energy efficiency and reduce carbon emissions. The company has also implemented snapshot replications and protective measures against hacker attacks on storage areas. For the same reasons, an internal firewall has been set up to segment networks and strengthen defenses for server networks. An MDR (Managed Detection and Response) threat detection system and response services have also been introduced, with remote support provided by professional cybersecurity firms.

The company has established comprehensive business continuity management procedures to minimize the risk of disruptions in information operations. These include backup processes, hardware and software support, and restoration equipment. Drills based on Business Continuity Plans (BCP) are conducted on a regular basis, which include system and database backups, restorations, and system resets. The purpose of these drills are designed to keep professional IT personnel aware of the prevailing and emerging cyber threats. In 2023, the company conducted 58 system disaster recovery drills, simulating various impact scenarios to ensure the continuous operation of information systems and mitigate potential losses. To evaluate the effectiveness of the chosen information security controls and ensure that the Information Security Committee understands the current operation of the information security management system, the company has established a total of 13 information security indicators for monitoring on a monthly, quarterly, semi-annual, and annual basis. The company also conducts two internal management review meetings and one external audit annually to ensure the ongoing applicability, adequacy, and effectiveness of the ISMS (Information Security Management System). In 2023, all information security indicators for the various manufacturing plants met the standards, and no major or minor non-conformities were found during the external audit at the Taiwan headquarters.

In an effort to raise information security awareness in the workplace, the company periodically issues public announcements about the latest cybersecurity breaches. These announcements serve as reminders to colleagues to remain vigilant and take all necessary precautions to prevent any incidents from happening. The company also holds information security education and training programs, which include an overview of Information Security policies and network security practices. In 2023, the company had organized 13 information security training events, with a total of 633 participants and 614 cumulative hours dedicated to these activities.