Information Security Management
Information Security Authority and Information Security Policy
To strengthen information security management measures and comply with the requirements of the FSC's "Guidelines for the Establishment of an Internal Control System for Public Companies", Nova Tech set up an information security organization in 2023, with the General Manager as the convenor and the Support Center Associate as the vice-convenor, to be responsible for the convening and supervising of the information security organization. The Head of the Information Security Management Department is responsible for information security management. There is also an Emergency Response Team to respond to information security related incidents, and an Audit Team for organizational supervision and auditing. NovaTech's information security department, the Information Security Management Department, has an information security supervisor and information security specialists. They are responsible for planning and formulating "Information Security Policy" and "Information Security Management Methods", implementing and promoting management methods with reference to ISO 27001 and CNS 27001 information security management system standards, implementing and tracking reviews, and making immediate and regular improvements to ensure that the policy and management methods are implemented. The results of the implementation are regularly reported to the company's senior management meeting to reduce operational risks.
To protect the confidentiality, integrity, usability, and legality of the Company's information, and to prevent misuse, leakage, modification, destruction, and disappearance of information and information assets due to human negligence, intentional damage, or natural disasters, which may affect Nova Tech's operations and result in damage to the Company's rights and interests, the Information Security Department conducts information security inspections on a regular basis, and submits the inspection reports to the supervisors in charge of the inspection for review. In addition, the Information Security Management Department will report, track, and review the improvement status of the findings and issues raised in the inspections, in order to confirm that the relevant internal and external personnel and units have followed the Company's information security policies and information security management methods.
Key Initiatives in Information Security Management
Nova Tech implements informationsecurity related key measures on a daily basis to ensure that information security management is thoroughly implemented in all aspects of information management.The following are our key information security management measures:
Customer Information Management Process
Information Security Checkups
To understand the company's weaknesses in information security and prevent information security incidents, Nova Tech has commissioned a third party to perform information security healthchecks. Please refer to the table below for the items and results of the health check in 2023:
Information Security Drills and Trainings
Nova Tech promotes information security awareness to employees from time to time through information security drills and educational training. We assist employees in responding to threatening information security information to prevent them from falling into information security threats and traps.
Information Security Drills in 2023
Information Security Audits
Nova Tech has been implementing internal audits on information security for the purpose of continuous improvement. The results of the internal audits on information security for the last two years (2023 & 2022) are shown in the table below.
Information Security Incident Handling
In the event of an information security incident, Nova Tech will activate the following information security incident handling process, where the Emergency Response Team will assist in executing the emergency response to the information security incident.
