Information Security Management Policy

Information Security Management Policy: Everyone Practices Information Security, Keeping Information and Communications Safe

To continuously enhance information security management and safeguard the confidentiality, integrity, and availability (CIA) of critical information systems, Ennoconn has established comprehensive information security policies and regulations. These govern personnel behavior in handling information assets. Relevant systems are reviewed regularly to ensure alignment with operational needs and adjusted as necessary to maintain a secure and resilient technology environment.

We have also established an Information Security Management Committee, responsible for minimizing, monitoring, and responding to information security threats that may compromise the company’s confidential information. Internally, we enforce access controls and endpoint security policies, restricting system access and privileges based on operational roles. Externally, network boundaries are protected through firewalls and intrusion prevention systems (IPS) to block unauthorized access attempts.

In addition to routine data backup and support mechanisms, we conduct Business Impact Analyses (BIA) for key business processes, and formulate Business Continuity Plans (BCP) accordingly. Annual disaster recovery exercises are conducted to ensure readiness in the face of disruptions.

When engaging third-party IT service providers, we follow Outsourced Information Service Management Procedures, sign Non-Disclosure Agreements (NDAs), and include confidentiality obligations in contracts. All contractors and suppliers must adhere to Ennoconn’s System Development and Maintenance Management Procedures. Vendors are evaluated annually based on their prior service delivery to ensure compliance with Ennoconn’s information security requirements.

In the event of a security incident, the IT team categorizes incidents into severity levels (Level 1 to 3) and takes appropriate actions, including isolating affected systems, disabling unnecessary functions, backing up critical data, and enhancing perimeter defenses to contain and prevent further damage. All incidents are documented using an Information Security Incident Report, maintaining clear records for traceability and future review.

Enhancing staff information security awareness and reinforcing their safeguarding responsibilities are crucial for Ennoconn’s cybersecurity management. All new hires must sign an Integrity, Confidentiality, and Intellectual Property Agreement during onboarding. Annually, the IT department provides security awareness training to all staff. For departing employees, accounts are promptly disabled per Access Control Management Procedures to prevent unauthorized system access.

A dedicated information security unit, the Information Security Management Department, has been established within Ennoconn, along with a dedicated information security supervisor and staff.

We have achieved significant milestones in our information security management. We obtained ISO-27001 certification on June 13, 2023, and successfully transitioned to the ISO-27001:2022 version on April 15, 2025. Furthermore, we reported the status of our information security risk management implementation to the Board of Directors on November 14, 2024.

Eight Standards for Information Security Management

  1. Program and data access and control operations
  2. Data input and output control operations
  3. Data processing control operations
  4. Security control operations of files and equipment
  5. Purchase, use and maintenance control of hardware and system software
  6. System recovery plan and test program control operations
  7. Control operations of information security inspection
  8. Control of public information

Information Security Management Framework

Information security incident reporting process

ESG Risk Evaluations

Ennoconn evaluates risks in environmental, social, and corporate governance issues according to the significance principle of CSR, and formulates risk management policies or strategies for the assessed risks as follows.

| Key Matters | Risk Evaluation Items | Policies or Strategies of Risk Management |
| --- | --- | --- |
| Environment | Environmental protection and ecological conservation | Ennoconn devotes itself to environmental protection, formulates waste management methods, and effectively reduces the impact of daily operations on the environment through PDCA management control. Ennoconn implements energy-saving and carbon-reducing measures to reduce the impact of waste disposal on the environment through resource recycling and the promotion of green action in general affairs. |
| Society | Labor and occupational safety | Ennoconn cares about every working partner, has formulated an "Occupational safety and health policy", a "Safety commitment", and "Occupational safety and health work rules", and runs four major occupational safety plans: the "Maternal protection plan", the "Human-induced hazard prevention plan", the "Abnormal workload prevention plan", and the "Unlawful infringement in the workplace prevention plan". These maintain workplace safety and health and ensure the safety of employees' lives and property and the safety of the environment. Ennoconn will continue to strengthen employees' ability to recognize hazards in the office and factory areas and to promote a safe workplace culture, so that every employee can work safely. We care about the health of our employees and cooperate with the health examination center. Employees must arrange time for a health examination every year. |
| Society | Client rights and product safety | With regard to client rights, Ennoconn provides product liability insurance for products sold to protect client rights. We have also set up a communication channel on our website to communicate with stakeholders directly. |
| Corporate Governance | Compliance | Ennoconn has set up a corporate governance unit to regularly review and revise the corporate governance code and related measures. We have also set up management procedures for preventing insider transactions to standardize internal procedures for handling significant confidential information. In addition, we strengthen advocacy of the restriction on using undisclosed market information to profit from trading the company's securities. Related measures are implemented through the internal control system. |
Document Name: Ennoconn IT Security Risk Management (PDF)