Information Security

Information Security Policy

BenQ Materials has established a secure and reliable computerized operating environment to ensure the security of computer data, systems, equipment, networks, and the smooth operation of business activities. In accordance with regulations such as the Cybersecurity Management Act, Personal Data Protection Act, Copyright Act, Electronic Signature Act, as well as referencing international information security standards (ISO 27001), the company has formulated the "Information Security Policy and Procedures" and developed the "Cybersecurity Operation Guidelines" based on this framework. Continuous attention is given to cybersecurity issues, and plans are implemented to strengthen security measures, including the procurement of advanced antivirus software, establishment of global security networks for joint protection, cybersecurity audits, upgrading internal operating systems, and patching vulnerabilities. To instill the importance of information security in the company, regular cybersecurity education and training sessions, as well as cybersecurity drills, are conducted to integrate a culture of cybersecurity awareness into the organization.

Information Security Management Committee Organizational Chart

Information Security Management System

To properly protect information assets, BenQ Materials implements risk assessment procedures, formulates and enforces relevant regulations to determine the risk level of information assets. Based on the results of risk assessments and internal meetings, the company decides on risk handling measures to effectively reduce, transfer, eliminate, or even accept the risk. In 2021, BenQ Materials completed the ISO 27001 implementation project and achieved ISO 27001 certification in 2022. Relevant documents are registered in the company's Document Management System (DMS). To maintain the validity of the certification, a re-audit by an external organization (BSI) is planned for February 2024.

The scope of ISO 27001 certification already covers major production plants in Taiwan and mainland China, as well as the ERP, FEOL MES (Front End of Line Manufacturing Execution System), and FlowER (BPM) systems. In addition to the aforementioned data centers and systems, the company plans to further extend the principles of ISO 27001 to the smart factory and advanced equipment development department's machine vision division in 2024.

Information Security Education and Training

• Internal Training: October is BenQ Materials' Information Security Month. In 2023, online information security courses were conducted for all employees, information security lectures were held for middle and senior managers, posters were displayed, and email announcements were made to strengthen the information security awareness of all employees. In 2023, the company's online information security education and training had an 88% pass rate, with a 60% pass rate among senior managers. To improve the pass rate among senior managers, information security lectures are planned to be included as a mandatory course for senior managers in 2024, with active promotion of related courses to increase the pass rate.
• External Training: To strengthen the information security risk awareness of middle and senior managers, in 2023, external information security consultants conducted information security awareness promotion sessions to ensure that information security concepts are integrated into daily operations. Information security personnel completed certification courses (IEC 62443-2-1, ISO 27017 & 27018, ISO 27001)