Information Security

Information security governance

With reference to the FSC’s “Information Security Control Guidelines”, AP Memory has formulated management measures such as “Information Security Management Measures”, “Computerized Information Processing Operation Cycle”, “Emergency Response Plan”, and “Information Security Risk Assessment Report”.

Given the importance of information security to the semiconductor industry, and because remote work during the epidemic of the past two years made it necessary to maintain internal operations through digital tools such as cloud and networking, AP Memory has strengthened the operation item “Information Security Check Control”. Besides internal management, AP Memory also cooperates with an external professional information security firm. Cooperation projects include consulting, information security emergency handling, sharing of information on major information security incidents, regular network audits and other projects, and the implementation of external network audits in 2022 to reduce internal information security risk.

In 2022, AP Memory continues to strengthen FTP server and website security, software installation control, intranet isolation and other projects for external services, so as to keep improving the internal information security environment as information security risk events evolve and to reduce possible information security impacts.

Information security governance structure

The competent authority for AP Memory’s information security management is the management committee (CMC), together with the audit, legal, information and other departments; the operation center and responsible authority will also be included in the future.
Since 2020, overall information security planning and deployment has been carried out: information security risk projects are reviewed based on a zero trust security architecture, response measures are proposed, and the results are regularly reviewed. An “Information Security Committee” will be established before the third quarter of 2023; it will be responsible for implementing the information operation security management plan, as well as establishing and maintaining the information security management system.

Information security drills and education training

Penetration test

  Held annually. An information security vendor is commissioned to try to hack into the company’s website to find its weaknesses so they can be repaired.

Social engineering drills

  4 drills a year with 80 people each time, provided in both Traditional Chinese and Simplified Chinese for the company’s different regions.

Education and training

  Regular information security promotion; 2 sessions were held in 2021. Regular information security education and training improve the information security awareness of all colleagues and implement the various measures of enterprise information security.