
WinWay Technology Co., Ltd. - Corporate Sustainability


Information Security

Information Security Policy

Information Security Management System, Goals, and Strategy

To protect the information security of internal and external stakeholders, WinWay provides a highly secure environment. We have built an information security management system that complies with global information security standards to strengthen the security management of various information assets, ensuring confidentiality, integrity, and availability. The Company has also established a safe and dependable operating environment to ensure information security, system security, equipment security, and network security, protecting the interests of the Company's employees and related internal and external personnel.

Information Security Policy Implementation

  • Establish an information security management system that complies with regulations and customer requirements.
  • Enhance employees' information security awareness through information security advocacy and training, and implement information security protection in daily operations according to the management system.
  • Protect the confidentiality, integrity, and availability of corporate and customer information assets.

Information Security Organization

The Company established the Information Security Committee, with the president serving as the Chief Information Security Officer and convener. Managers at various levels serve as the committee members. An implementation team, emergency response team, and audit team have been established under the committee. The committee is responsible for reviewing the governance, planning, supervision, and implementation of the information security policy across the various operating units, in order to establish information security protection and good information security awareness among employees. The committee reports the implementation status to the Board of Directors every year.

Information Security Strategy

To maintain overall information security and trade secrets management, the Company has formulated the following information security strategy:

  • Strengthen the security management of various information assets to ensure confidentiality, integrity, and availability. The Company has also established a secure and dependable operating environment to ensure information security, system security, equipment security, and network security, protecting the interests of the Company's employees and related internal and external personnel.
  • Strengthen management of the documents and files related to invention, research and development, and manufacturing as defined in Article 2 of the Trade Secrets Act, ensuring reasonable protective measures.

Information Security Policy

Build a comprehensive management system, strengthen education and training, use various information security infrastructure design and protection technologies, ensure the availability of information systems, restrict privileges and manage access, and resist external threats.
  • Information Security Governance
    • Strengthen prevention for risk control.
    • Strengthen the information security framework.
  • Legal Compliance
    • Establish a compliance mechanism.
    • Conduct regular reviews and revisions.

Specific Management Measures

Information security management type | Related operations
System accessibility
  • Establish a monitoring system and network availability system.
  • Establish a remote data recovery system to ensure the complete restoration of data.
  • Conduct regular drills for system restoration procedures and business continuity planning (BCP) in case of disasters to strengthen the Company's disaster recovery capabilities and reduce operational risks.
External threats
  • Establish intrusion detection and protection systems, such as firewalls and anti-virus walls, to detect viruses and malware attacks, preventing damage to the information frameworks and systems.
  • Establish an email protection system to ensure the timely blocking of threatening email attacks.
  • Introduce endpoint anti-virus protection to protect servers and personal computers from viruses and data leaks.
  • Regularly conduct vulnerability detection and vulnerability patching updates for servers and user-end computers.
Access management
  • Manage settings for personnel accounts and access.
  • Regularly inspect and review accounts and access privileges for necessary operations.
  • Access management and surveillance management for server rooms.
Access control
  • Restrict data and file access.
  • Establish a data access audit records system.
  • Define and implement a file classification system, and strictly manage important information according to rules.
  • Only authorized and compliant devices are allowed to connect to the company network, ensuring the separation of corporate and personal device data.

Subsequent Planning and Implementation Status

To "maintain the confidentiality, integrity, availability, and legality of corporate information, avoid impacts on the Company's operations and damage to company interests due to the misuse, leakage, tampering, damage, or disappearance of information and assets caused by human error, deliberate damage, or natural disasters", the Company began introducing the ISO 27001 information security management system (ISMS) and the Trade Secrets Act system in early 2022, and obtained ISO/IEC 27001:2013 certification on October 2, 2022. In 2024, we successfully obtained the ISO 27001:2022 recommendation for certification. The Company's introduction of the ISO 27001 ISMS and the Trade Secrets Act system achieved the following goals:
  • Strengthen corporate security, reduce operational risks, and maintain competitiveness.

    Conduct information security health check-ups and survey potential risks with the goal of meeting international standards, and make improvements according to risk severity, thereby reducing the losses caused by information security incidents to the Company.

  • Formulate an information security policy and daily maintenance operations that comply with international standards.

    Avoid becoming a springboard for hackers to attack corporate customers.

  • Improve the confidence and trust of customers and stakeholders in the stable operation of the Company.

    Protect customers' and corporate intellectual property rights.

  • Reduce legal risks and save costs.

    Satisfy the requirements of laws and regulations (Personal Data Act, Trade Secrets Act, and EU's General Data Protection Regulation (GDPR)) through the operation of the information security management system and ISO 27001 certification.
