Information Security and Risk Management


1. Information security policy
✓Enhancing Staff Awareness: Conduct information security training to raise staff awareness and strengthen their understanding of related responsibilities.
✓Preventing Data Leaks: Protect the integrity of Sunon’s business information, preventing unauthorized access or modifications.
✓Implementing Routine Operations: Perform regular internal and external audits to ensure proper execution of all related procedures.
✓Ensuring Service Availability: Maintain a consistent level of availability for Sunon’s critical information systems.

2. Information security and risk management institution
✓Sunon’s Information Security Management Committee is chaired by the President. The IT Unit leads the Committee and is responsible for planning, while other business units collaborate on execution. This ensures the effectiveness of Sunon’s information security management practices.
✓The Committee holds quarterly meetings to review implementation progress and reports directly to the Board of Directors.
✓The structure of the Information Security Management Committee is as follows:


3. Specific management measures
✓Implement access control, system login authentication, and access authorization mechanisms to ensure proper auditing.
✓Conduct regular information security awareness campaigns, including online courses, to enhance staff awareness of security risks.
✓All employees’ computers must have security protection software installed. Documents cannot be removed without prior approval.
✓Access to unauthenticated websites is blocked to prevent computer virus infections, ransomware attacks, or data leaks.
✓Private laptops or smartphones are denied access to the internal network to safeguard against potential data breaches.
✓A whitelist is used to prevent unauthorized software installations. Software cannot be installed without approval.
✓All internal systems must have antivirus software, regular updates with vendor security patches, and periodic vulnerability scans. The IT unit conducts social engineering drills and system protection audits to verify effectiveness.
✓Critical information systems and equipment are designed with a cluster architecture and monitoring mechanisms to maintain high availability.
✓Snapshots and backups are performed per Hard Drive Data Protection Specifications, with annual data restoration drills conducted for verification.
✓Dual backup systems, both local and remote, are in place to protect system and data integrity from natural disasters or other threats.
✓Automation scripts are prioritized for detecting, analyzing, and responding to anomalies. Responsible parties are notified for procedural confirmation.
✓Regularly conduct an inventory of information assets and manage risks based on security risk assessments to ensure effective implementation of control measures.
✓Implement joint defense mechanisms, comprehensive security protection plans, and training for information security professionals to ensure Sunon’s sustainable operations.
✓Annually review security measures and regulations, address key security issues, and develop response plans to ensure appropriateness and effectiveness.

4. The implementation status of each year
Implementation status 2024
Implementation status 2023
Implementation status 2022
Implementation status 2021

5. ISO 27001: Information Security Management System
In December 2023, under the professional assessment of the independent certification body TÜV NORD, Sunon’s Information Security Management System was certified for compliance with the ISO/IEC 27001:2022 international standard. Moving forward, Sunon is committed to obtaining additional information security certifications, enhancing its information security management and defense capabilities, upholding sound corporate governance and social responsibility, and fostering greater trust among its global customers in Sunon’s information security practices.

ISO 27001 Certificate (Link)