Information Security Management 

   Information Security Policy Announcement

 

   ALFOT Technologies Co., Ltd. (hereinafter referred to as "the Company") is committed to enhancing information security management,                  ensuring the confidentiality, integrity, and availability of its information assets to provide an information environment for the continuous                    operation of the Company's information business. This complies with the related regulations  to protect itself from intentional or accidental          threats, both internal and external. The policy sets forth the following provisions.

 

   1.Vision and Objectives of Information Security:

​​

   1.1 Enhance awareness of staffs to avoid data leakage.

   1.2 Implement daily operations to ensure service availability.

 

   2. Based on Vision of Information Security Policy, the following information security objectives are formulated:

​

   2.1 Conduct information security training to promote the awareness of information security to staffs and strengthen their understanding of                   related responsibilities.

   2.2 Protect the company's business activity information to prevent unauthorized access and modification, ensuring its  accuracy and integrity.

   2.3 Perform regular internal audits to ensure proper implementation of the related operations.

   2.4 Ensure that the company's critical core systems maintain a certain level of system availability.

 

   Information Security Policy of Supplier Relationships:

 

   1.Outsourced suppliers should provide system maintenance, contact windows and phone no. of consulting services,resolving system-related             issues, and cooperating with the company's procedures for non-conformity troubleshooting and  reporting. If necessary, on-site services                 should be provided.

 

   2.Outsourced suppliers should comply with the company's confidentiality principles. In the event that personnel from the outsourced supplier            come into contact with the company's "confidential" level (or higher) data during the service provision,they must adhere to relevant laws and          regulations as well as the company's related provisions, and sign a confidentiality agreement (4-60012).

 

   3.The software used by outsourced suppliers must be legal, without violating intellectual property rights. In case of any violations, the                        outsourced supplier shall bear all legal responsibilities.

 

   4.The company has the right to audit the tools, software, and execution records for their processing operations used by outsourced suppliers,          and the supplier shall not object.

 

   5.Outsourced suppliers should keep the records of non-conformity handling, which may be subject to inspection as needed by the company.

 

   6.In the event that the deliverables provided by the outsourced supplier infringe upon the legitimate rights and interests of a third party, the                outsourced supplier shall be responsible for handling the matter and all legal consequences.

 

   7.If the negligence of duty of outsourced supplier's employees causes loss or damage to the company, the outsourced supplier shall be liable          for all compensation.

 

   8.When the development of related systems or responsible personnel of the outsourced supplier leave, they must return the borrowed                      equipment, software, and operational permissions.

 

   9.Outsourced supplier personnel must not disclose information classified as "restricted" level (or higher) during all activities regarding to                    business collaboration.

 

  10.When the information is with "restricted" or higher level needs to be transmitted, processed or stored, it should refer to the encryption-related         specifications from the "Communication and Operation Management Procedures" (2-6007).