Cyber Security Risk Management Framework
The Company Cyber Security Governance Organization
LASER TEK has established a “Cyber Security Committee” composed of the Executive Office, Policy and Audit Unit, Education and Training Unit, and Cyber Security Technology Unit. The committee coordinates policy formulation, implementation, risk management, and compliance audits related to information security management, with the general manager supervising information security and network security strategies. The vice president serves as the Chief Information Security Officer (CISO), responsible for supervising the executive office in establishing and maintaining information security and network security strategies and procedures to protect the company's assets.
LASER TEK Cyber Security Committee Organization Structure
Cyber Security Policy
- Effectively manage information assets, continuously implement risk assessment, and take appropriate protective measures.
- Protect information and information communication systems from unauthorized access, and maintain the confidentiality of information and information communication systems.
- Prevent unauthorized modification to protect the integrity of information and information systems.
- Ensure that authorized users can use the information and information communication system when needed.
- Comply with statutory and regulatory requirements.
- Assess the impact of various man-made or natural disasters, and formulate a recovery plan for the core information system to ensure the sustainable operation of the core business.
- Implement information security education and training to improve employees' awareness of information security.
- Implement a reward and punishment mechanism for personnel handling business related to information security matters.
Cyber Security Risk Management and Continuous Improvement Structure
Specific Management Measures
We have formulated 22 measures across four aspects of cyber security protection, including data access control, network information security, education training, check and business continuity. We review and adjust these measures according to changes and trends in attacks, in order to implement comprehensive cyber security protection and to protect the quality of information security in the supply chain to the highest standards.
Investments in Resources for Cyber Security Management
In response to the information security risks faced by the company, such as ransomware attacks, business email compromise (BEC) fraud, advanced persistent threat (APT) attacks, social engineering fraud, intrusions through remote-office vulnerabilities, and business continuity issues, our company continuously trains colleagues to raise their information security awareness and continues to pay attention to trends in information security issues. We continue to introduce relevant solutions to counter the threats posed by malicious attacks and aim to prevent them in advance. In recent years, our company has continued to improve information security training and solutions. The budget and improvement projects are as follows:
According to the emergency disaster response plan, LASER TEK disconnected its related equipment in time, removed the virus and reinstalled the operating system, and implemented follow-up improvement measures.
Significant Cyber Security Incidents Notification Process
When a cyber security incident occurs, employees should immediately notify the unit contact, supervisor and executive office in accordance with the
. The executive office will classify the incident according to the company's standards to facilitate follow-up processing, conduct a damage impact assessment, and draft improvement plans for the cyber security incident. If the cyber security incident is a major abnormality and a suspected leak, it should be reported to the administration department; if the leak is confirmed, it will be handled by the legal/human resource sector according to law or company regulations. In 2022, the company did not discover any major cyber security incidents that had or may have an adverse impact on the company's business and operations, nor was it involved in any related legal cases or regulatory investigations.