AirTAC places great importance on information security management. To prevent computer viruses, cyberattacks, data leakage, legal compliance issues, and risk control failures, the Company has established information security control standards and introduced information tools and analytical framework systems to effectively ensure information security and protect customer privacy. AirTAC conducts regular audits on information security to prevent risks arising from human error. In addition, the Company regularly provides information security training to ensure that employees understand the relevant principles of information security control.
AirTAC has established an Information Security Unit responsible for planning and executing information operations security management, establishing and maintaining the information security management system, and overseeing the formulation, implementation, risk management, and compliance audit of related information security policies. The most recent report to the Board was submitted on November 13, 2025.
Information Security Framework
Information Security Policy
1.Strict compliance with information security regulations
Comply with relevant laws and establish various information security management practices and procedures, with periodic evaluations and adjustments based on actual circumstances.
2.Enhancement of personnel information security awareness
Employees are required to participate in information security training programs to strengthen information security awareness across the Company.
3.Prevention of confidential information leakage
Protect confidential corporate information to prevent unauthorized access, alteration, and the leakage of any sensitive data.
4.Implementation of internal information security audits
Regularly conduct internal audits of various information security measures to ensure proper execution of all operations.
Allocation of Resources to Information and Communication Security
The dedicated human resources information security unit consists of three employees responsible for company information security planning, technical implementation, and related matters to maintain and continuously enhance information security.
1.Network Hardware Equipment
Firewall, backup server, data center temperature (humidity) detection system, uninterruptible power supply (UPS) system, automatic fire suppression system for the data center, surveillance cameras in the data center, offsite backup facility.
2.Software Systems
File encryption management software, backup management software, antivirus software, Endpoint Detection and Response (EDR) software, spam email filtering, Network Access Control, Security Operation Center.
3.Disaster Recovery Drills
Disaster recovery drills and access rights reviews are conducted annually. In 2025, the entire Group carried out a social engineering phishing email test and performed an access rights review.
4.Training
In 2025, the Group conducted four rounds of secure email security drills for employees, with a total participation count of 1,450, enhancing overall information security awareness. In addition, a total of 837 employees in AirTAC Taiwan completed information security training, accumulating 418.5 training hours in total. The trainees accounted for 97% of all AirTAC Taiwan employees.
5.Customer Satisfaction
No significant security incidents occurred, and there were no complaints regarding the loss of customer data in 2025.
Specific Management Plan for Information Security
|
Item |
Solutions |
|
Information Security Protection |
Document Management |
● Establish a document management platform and implement document classification
● Establish processes for confidential document retrieval and document destruction, including tracking and management
● Implement encryption controls and effective tracking for documents and data
● Control and monitor outgoing emails |
|
Risk Management |
● Conduct risk assessments for the information data center, regularly perform vulnerability scans, and carry out periodic disaster recovery drills for core information and communication systems |
|
Information Operations Security |
●Enforce password setting rules and establish remote and on-site backup/redundancy services
● Employees are required to apply for a VPN account to access the company's internal information systems from external locations
● Information system accounts must be applied for according to company regulations. When employees resign, they are required to coordinate with the information unit for account deletion |
|
Device Network Security |
● Implement security mechanisms on devices, monitor network and information access security.
● Establish endpoint antivirus measures based on computer types, enhance detection of malicious software behavior.
● Strengthen firewall and network control to prevent the spread of computer viruses across machines and plant areas. |
|
Plant Area Security |
● Implement control measures for computers used by incoming guests/visitors |
|
● Establish access control for office areas and computer rooms, monitoring for any abnormal incidents |
|
Review and Continuous Improvement |
Education, Training and Promotion |
● Enhance employee awareness of email attacks, regularly conduct phishing email defense detection
● Regularly implement information security education and training to enhance employee awareness of information security |
Privacy Protection
To ensure the proper protection and management of personal data, AirTAC has established the "Personal Data and Privacy Protection Policy and Regulations" in accordance with applicable laws in the jurisdictions where it operates, such as Taiwan's "Personal Data Protection Act." This policy serves as the highest guiding principle for privacy protection and applies to all employees within the Group, as well as customers, suppliers, contractors, external consultants, and other third-party partners. The policy clearly defines the requirements and guidelines for the use and protection of personal data and mandates strict compliance by all internal personnel and third-party partners to safeguard personal data security and protect the rights and interests of stakeholders.
AirTAC adopts a zero-tolerance policy toward personal data incidents. In the event of any personal data breach, responsible departments-including Information Security and the Office of the General Manager-will investigate and handle the matter in accordance with the Personal Data Protection Act and AirTAC's internal regulations. Any violation of confidentiality obligations will be subject to relevant legal actions and internal disciplinary measures.
In Taiwan, training on employee personal data protection was conducted. The quantitative data and management indicators related to the personal data protection policy for 2025 are as follows.
1.Personal Data Protection Training Course
A total of 843 AirTAC Taiwan employees completed information security training in 2025, accumulating 421.5 training hours.
2.Incident Response and Risk Management
No complaints regarding violations of the Personal Data Protection Act were filed in 2025.