Information and Communication Security Control Guidelines

Chapter 1: Preface

Ichia Technology Co., Ltd. (hereinafter referred to as the Company) has formulated this information security control guideline to comply with Article 9 of the "Guidelines for the Establishment of Internal Control Systems for Publicly Issued Companies" regarding the control operations of computerized information system processors.

In accordance with the provisions of the Information Security Management Act, in order to ensure the realization of the information security management system's policies and objectives and follow up on the company's information security management work, an operating procedure has been formulated.

This information security control guideline has been formulated to introduce an information security management mechanism and ensure the confidentiality, integrity, and availability of information assets.

Chapter 2: Establish information and communications security policies and promote organizations

One - Information Security Policy

To protect the company's related information assets, including software and hardware facilities, data, and information security, from risks such as leakage, destruction, or loss due to external threats or improper management by internal personnel.

The company takes corresponding measures for information communication, such as: controlling risks, effective system management, strengthening self-security protection, cooperating with government policies, improving information communication security protection capabilities, complying with national laws and corporate internal regulations, ensuring information communication security, and achieving the goal of corporate sustainable operation.

Two - Promote the organization

To promote information security policies, the following diagrams are used to determine the implementation guidelines

Require all information system personnel to undergo information security training courses every year

1. Cognitive training: General education on information security
2. Professional improvement: cybersecurity professional courses
3. Deepening the field: analysis of key skills
4. Innovative technology: cybersecurity control of emerging technologies

Chapter 3: The concept of PDCA cycle to achieve the company's sustainable management goal

Implementing the PDCA cycle helps ensure continuous improvement of the information security management system so that it can respond to changing risks and threats.

Helps ensure continued compliance with regulatory requirements and improve overall information security levels.

Chapter 4: Information Security Incident Reporting and Response

When an information security incident occurs, the reporting and response process is implemented in accordance with the regulations to ensure that the company can respond to the information security incident quickly and effectively.