Management Approach

The Company has a clear governance structure for information technology and cybersecurity, with oversight spanning from the Board of Directors and senior management to the operational level. The Company has established Cybersecurity and Information Security policies, as well as an information security management system in alignment with international standards, including ISO/IEC 27001:2022, ISO/IEC 27032:2012, ISO/IEC 27018:2019, and the NIST Cybersecurity Framework.

Governance Structure for Information Technology and Cybersecurity

Strategies and Actions

Risk Management of Threats to Information Assets and Information Systems

The Company’s approach encompasses strategic risk management, security prevention and control measures, data management and confidentiality protection through robust security protocols, business continuity and preparedness, third-party risk management, and risk assessments related to emerging technologies.

Protection Against Threats to Information Assets and Systems

The Company has strengthened its cybersecurity through the comprehensive deployment of advanced technologies and defensive strategies. This begins with the implementation of multi-factor authentication (MFA) to prevent unauthorized access, reinforced by advanced endpoint protection capable of monitoring, detecting and responding to threats effectively. The Zero Trust security model has also been adopted to ensure that all network access is subject to strict authentication and verification. Advanced AI-driven Security Information and Event Management (SIEM) systems are also in place to enhance threat detection and response capabilities. Furthermore, secure data backup systems have been established, along with ransomware protection solutions and rapid system recovery capabilities to ensure business continuity.

Investment and Continuous Evolution

The Company allocates budgets prudently and adopts advanced technologies, AI-based threat detection systems and cloud security solutions. Looking ahead, protection measures will be continuously enhanced to align with evolving threat landscapes and to ensure readiness for forthcoming regulatory requirements.

Business Partners and External Service Provider Management

The Company has established stringent processes for the selection and oversight of third parties and IT outsourcing partners, applying the Global Technology Audit Guide (GTAG) as a benchmark.

Monitoring Technologies and Tools

The Company has implemented modern technologies and monitoring tools, including: Real-Time IT Observability Platform, Continuous Threat Detection and Response System (SIEM), Global Threat Intelligence, Breach and Attack Simulation.

Cyber Resilience Preparedness and Cyber Resilience

The Company conducts risk assessments of high‑risk threat scenarios and establishes incident response plans and procedures. Cybersecurity drills are carried out more than once per year to ensure preparedness. The Company also utilizes an IT Service Management System (ServiceNow) to effectively manage information security incidents and actively supports and participates in Business Continuity Management (BCM) exercises across the Group.

Incident Response Plan

The Company maintains a formal incident response plan that is reviewed and updated regularly, at least once per year.

Targets and Performance

Our commitment to creating a sustainable impact is reflected in our ESG goals and performance.

Target

At least
%
of employees to pass cybersecurity awareness assessments
Incidents of data breaches, unintended disclosures or data leakage
0

Performance

Percentage of employees passing cybersecurity awareness assessments
2025
%

(Unit: %)

Number of data breach, unintended disclosure or data leakage incidents
2025
case

(Unit: case)