Home / ESG / Information Security and Customer Privacy

Information Security and Customer Privacy

Information Security Measures

Information Security Organization

Amid the digital trend, the importance of the network, IT system, and data security is becoming increasingly important, while the demand and expectations of the competent authorities and stakeholders for the company's information security are also on the rise. If the quality of the company's system is not up to standard, information leaks or service interruptions will result in expensive costs and damage the company's reputation. In light of this, RichWave has formed an interdepartmental information security management team with the President as the convener, while the Information Department and Administrative Management Department are in charge of offering directions and planning, with support and cooperation from various business units. The information security management team convenes regular meetings to review the company's information security system operations, and it must report information security- related implementation status to the Board of Directors at least once a year to obtain advice and guidance from the highest level of the company. This is to ensure the operational effectiveness of RichWave's information security management. On December 21, 2023, the information security team briefed the Board of Directors on the company's information security operational status, receiving guidance and confirmation from the Board of Directors.

 

 

Information Security Policy

Board-approved "Information Security Risk Management Policy and Procedures" have been established by RichWave in order to protect the confidentiality, integrity, and availability of information assets related to employees, suppliers, and customers and to ensure the stable use of the company's information services. This policy governs the company's actions regarding information asset inventory, information security awareness, company data confidentiality, information equipment maintenance and backup, personal computer security system maintenance, and the reporting of information security incidents. With these measures, we hope to ensure the continued viability of the company's information business.

By implementing information security management procedures, the company ensures the security and veracity of electronic data in various systems and meets the policy objectives of sustaining the company's normal business operations. The policy applies to all of RichWave's system data and information equipment, regulating the company's information security control operation (including authorization control, file management, and anti-virus measures), data processing operation, information equipment management and maintenance, form filling operation and form storage period, thereby guaranteeing that the company's system can engage in effective hierarchical control, important data can be kept, reviewed adequately, and the information system can be comprehensively protected and backed up. Additionally, the company regularly establishes a data backup system to conduct disaster recovery drills and engender an effective data security protection environment in conjunction with the information security system for the sake of ensuring the company's sustainable operation. A total of 3 information system security updates, six application system security updates, six mail server system security updates, one firewall upgrade, one internal endpoint scanning (health check), and employee computer EDR scanning (health check) were conducted in 2023. Through these multi-layered system updates and health tests, we safeguard the information systems of the company.

 

 

RichWave's Information Security Management Measures

 

 

Information Security Training and Education

 

To instill information security awareness in our colleagues and make every employee an integral part of the company's information security protection network, RichWave has conducted information security education and training for all new employees, and we have promoted information security to them from time to time through email. The new employees' information security training includes an introduction to the company's information system, document management system, electronic form operations, computer and network regulations, and USB regulations. RichWave's information security supervisor will brief the new employees to make sure they can comply with the company's information security system and regulations. Furthermore, the company maintains a constant vigilance over the prevailing state of information security in society and endeavors to create educational materials aimed at enhancing awareness regarding highly significant matters about information security. The distribution of these materials to all employees is done to prevent dangerous incidents. Multiple information security awareness campaigns were conducted in 2023 through the internal announcement system. These campaigns covered various topics including account security management and phishing emails. The purpose of this initiative was to enhance employees' understanding of information security and promote vigilance in email usage. Additionally, it served as a reminder for employees to regularly change their system login passwords. In July and December, all employees participated in a physical + online information security education training session. The training sessions focused on discussing domestic and international information security incidents, as well as the associated losses, reminding colleagues of common information security risks, hacker attack techniques, social engineering, and best practices for password management. A total of 300 and 299 participants attended the training sessions, respectively, accumulating 599 training hours. The recorded sessions were uploaded to the company's document management system, allowing employees to access them at their convenience.

 

Customer Privacy

RichWave values our customers' personal data and privacy, hence we uphold the most stringent approach to collecting and managing our customer's information. When signing a contract with our customers, we have included the confidentiality agreement as part of the official contract to ensure that RichWave's colleagues and partners comply with confidentiality through formal document regulations. After obtaining our clients' information, it will be stored in a digital format and maintained by the company's information security management system in conjunction with the account authorization management mechanism to ensure that RichWave can effectively control the use of our customer's confidential information. Furthermore, RichWave has established a hotline and email to process the company's consumer rights-related complaints and problems to make sure consumer complaints are responded to in a fair and timely manner. In 2023, RichWave did not receive any customer privacy violation-related complaints.

 

QUICK SEARCH

Lost your password? Please enter your email address. You will receive a link to create a new password.

Error message here!

Back to log-in

Close