Information security management:
1、 Information security risk management framework:
At the end of 2022, the Company established the Corporate Information Security Group, which is managed by the CEO. The Information Security Task Force is under the Group, and its members include the Chief Information Security Officer, Information Security Supervisor, and Information Security Officers, to coordinate information security and protection-related policy development, implementation, risk management, and compliance with internal regulations, and to report to the board of directors on the effectiveness of information security management, information security-related issues, and information security planning in accordance with the legal and regulatory requirements of listed companies.
The auditing unit supervises the operation and auditing of the Corporate Information Security Group in accordance with the relevant operation system and regulations of the enterprise to ensure the effective operation of the Corporate Information Security Group and the effective control of information security. In order to ensure the effective control of information security risks and the effective handling of information security risk events, the head of each department of the enterprise shall serve concurrently as members of the information security committee.
Quarterly meetings are held to review and resolve the information security policy, the effectiveness of information security management measures, and the handling, closure and prevention of information security incidents.
2、 Information security policies:
Silergy establishes and implements an information security management policy to be followed by the Company's employees in order to maintain the confidentiality, integrity and availability of Silergy. The Information Security Department is the highest authority for information security, responsible for the planning and implementation of the information security system, and ensuring the effectiveness of handling information security incidents. In accordance with ISO27001 standard, the Company has introduced and developed a standard information security management system and manage information security based on the requirements of the system.
To prevent causing losses for the enterprises and clients losses due to information system disruption, data loss, and sensitive information leaking, Silergy has established information security management measures, objectives, and strategies in accordance with the requirements of ISO27001 standard.
l Information security management measures:
l Information security management objectives:
l Information security strategies:
In accordance with the information security management standards, the Company has established 25 information security management strategies.
3、Specific management plans and resources devoted to information security management:
l Establishment of an information security incident response plan to grade, classify, report and handle information security incidents.
l Establishment of an information business continuity plan to analyze and classify risks; establishment of countermeasures to reduce general risks.
l Completion of the ISO27001 standard system certification to establish and manage information security in accordance with the system requirements. The certification is valid from 18th April 2023 to 31st Oct 2025.
l Establishment of an information security task force with one Chief Information Security Officer, one Information Security Supervisor, and two Information Security Officers.
l Related specific management measures:
l In 2022, Silergy conducted information security training for all employees and implemented an online information security examination. The results are: a participation rate of 85.6%, a pass rate of 99.5%, a full score of 80, and an average score of 76.43.
l New Silergy employees hired in the year of 2022 all received relevant education training; the coverage rate was 100%.
l Three drill tests was conducted in 2022:
ü Data backup recovery test: 100% of success rate.
ü Offensive and defensive drills: Passed.
ü Remote working drills: Passed.
l Silergy established 25 information security management strategies in 2022.
l In order to effectively utilize the network security information and strengthen the information security system, Silergy applied and passed the review to join the "Taiwan CERT/CSIRT Alliance" in 2021.
