Information Security
Information Security Governance Framework
Ancang has established a dedicated information security organization. Its staffing includes one Information Security Manager (served by the Information Department Manager) and one Information Security Specialist, responsible for coordinating the planning and implementation of corporate information security strategies and related systems. To implement information security protection, the total expenditure allocated for information security-related expenses in 2025 amounts to NT$151,429. Specific implementation projects encompass: personnel awareness training (information security education and training), network and endpoint protection (WAF virtual host, Trend Micro SMB Cloud Antivirus Service), data backup resilience (Veeam Data Cloud for Microsoft 365 Flex), and system module deployment and installation. These measures comprehensively enhance the information security of corporate operations.
Report to the Board of Directors on the Implementation of Information Security in 2025: 🔗 Information Security Governance Report
Information Security Policy and Objectives
Ancang adheres to the “Information Security Management Guidelines for Listed Companies” . Our objectives are to:
- Protect the confidentiality of information assets through controlled access.
- Ensure integrity by preventing unauthorized modification or destruction.
- Maintain system availability to support uninterrupted operations.
- Comply with applicable laws and regulations.
- Continuously enhance employee awareness and capabilities in information security.
Information Security Protection Measures
To effectively enforce our information security policies, Ancang implements the following measures:
- Multi-factor authentication and strict account/password management.
- Prohibition of unauthorized software and mandatory use of licensed antivirus programs.
- Controlled access to data centers and critical facilities.
- Robust backup and disaster recovery systems with regular drills.
- Migration to a secure public cloud platform with multi-layer network isolation, intrusion detection, and defense mechanisms.
- Deployment of a secure cloud collaboration platform featuring access control, data encryption, and anti-leakage safeguards.
-
Education, Training, and Awareness Promotion
Ancang regularly conducts cybersecurity training to strengthen employee awareness and response capabilities. Professional cybersecurity personnel receive annual advanced training to stay current with the latest technologies and defense strategies. -
Supply Chain and Subcontractor Information Security Management
Ancang enforces strict information security requirements for our partner. Contracts clearly define responsibilities for data confidentiality, usage, and destruction. All parties must comply with our security policies and undergo regular assessments to ensure compliance. -
Risk Assessment and Continuous Improvement
Ancang conducts annual asset inventories and risk assessments to identify threats and vulnerabilities in core business systems. Through ongoing internal audits, we continuously enhance our information security management system and implement improvement measures.
-
Cybersecurity Incident Response and Reporting
Ancang has established a comprehensive incident response process to promptly assess severity, initiate mitigation measures, and ensure cross-departmental coordination. Regular drills are conducted to strengthen preparedness and minimize the impact of cybersecurity incidents. -
Future Cybersecurity Improvement Directions
Ancang will continue strengthening cybersecurity governance, advancing defense technologies, fostering a security-conscious culture, and adopting the latest cybersecurity innovations. We are committed to providing a secure and stable information environment for employees and customers, while building a resilient and competitive enterprise.