Information Security Management

Management Policy

Everlight Chemical has identified information security as a material topic for sustainable operations. To ensure the confidentiality, integrity, and availability of information, we have formulated an Information Security Management Policy and implemented various protection measures to ensure information security. In 2016, we established the Information Security and Personal Information Management Committee responsible for preventing external cyber threats and overseeing relevant internal management weaknesses.

Information Security & Personal Information Management Committee

With the General Manager as the chairperson, the Head of the Information Division as the executive secretary, and one senior manager from each unit as information security representatives, the committee convenes an information security management review meeting and a meeting with the information security representatives every quarter. The Head of the Information Division is responsible for reporting the Company’s performance in information security management to the Board on a regular basis. The information security governance report and performance overview for 2022 was presented to the board on November 10, 2022.

Information Security Committee

Impact Assessment: We have identified information security as a material topic for sustainable operations. In 2016, the Information Security and Personal Information Management Committee was established, tasked with preventing external cyber threats and overseeing relevant internal management weaknesses.

Responsible Unit: The Information Security and Personal Information Management Committee is chaired by the General Manager of the Company, with the Head of the Information Division as executive secretary. At the operations level, one senior manager from each unit is appointed as information security representatives. Information security review meetings are held on a regular basis.
Management Policy: To ensure the confidentiality, integrity and availability of information, the Company has established an Information Security Management Policy to govern implementation of protection measures to ensure information security.
ISO 27001
Information Security Management System Certificate

Management Measures

External Threat Prevention

  • Regularly scan the Company’s network for vulnerabilities and patch them up to prevent hacker attacks
  • Deploy firewalls to protect the network from malware
  • Deploy anti-spam software to catch any virus and spam in emails
  • Update anti-virus software regularly to prevent all kinds of computer viruses
  • Commission an external service provider to inspect the Company’s network on-site. The service provider is required to sign a Confidentiality Agreement with Contracted Service Provider beforehand
  • Everlight Chemical has become a member of Taiwan CERT/CSIRT Alliance and participates in cybersecurity information sharing, security incident reporting, and collaborating on incident response and coordination

Internal Management

  • Enhance information security promotion and training
  • Implement an encryption system to encrypt all confidential documents and prevent information leaks
  • Perform regular backups for critical servers, contract backup and disaster recovery services and conduct annual disaster preparedness drills
  • Periodically review and manage privileged and regular accounts
  • Put in place a testing environment for system development to reduce man made errors
  • External personnel must apply in advance to access the Company’s intranet resources (Wi-Fi)
  • Collect and monitor system logs to prevent any illegal access to the Company’s system

Performance on Information Security Management

In 2022, no information security incidents that affected the Company’s operations occurred.
  • The Information Security and Personal Information Management Committee holds meetings on a regular basis, and the Head of the Information Division reports on the Company’s information security management and performance to the board on an annual basis. The latest report to the board took place on November 10, 2022.
  • The Company continued to pass ISO 27001 Information Security Management System certification in 2022.