ISO 9001 & AS 9100 & ISO/IEC 27001 : 2022(CNS 27001 : 2023) Certifications

Information Security Policy

I. Purpose:

To strengthen information security management and ensure the confidentiality, integrity, and availability of its information assets, Sage Innovations Co., Ltd. (hereinafter referred to as “the Company”) aims to provide a continuous operational information environment for its business. This aligns with relevant government regulations and the requirements of internal and external stakeholders, thereby avoiding any deliberate or accidental threats from inside or outside the organization to achieve information security.

♦ Enhance awareness of information security
♦ Implement security protection measures
♦ Establish a physical security environment
♦ Prevent the leakage of trade secrets

II. Scope:

The scope of the Company’s information security management system is set to include the maintenance and operation of information rooms and business operation systems, having fully grasped the information operation and management process and satisfying all security requirements and expectations.

III. Definitions:

Information Assets: Refers to the hardware, software, services, documentation, and personnel required to maintain the normal operation of the Company’s information business.

Confidentiality: Ensures that only authorized users can access information. Integrity: Ensures the accuracy and completeness of information and processing methods.

Availability: Ensures that authorized users can access information and related assets when needed.

Business Operation Systems: Information technology systems used to manage and coordinate internal business operations, implying the main core systems referred to by the security system.

Information Environment for Continuous Business Operations: Refers to the computer operating environment required to maintain the normal operation of the Company’s various businesses.

IV. Objectives:

To maintain the confidentiality, integrity, and availability of the Company’s information assets and to protect user data privacy. The following objectives are to be achieved through the collective efforts of all colleagues:

  1. Protect the information of the Company’s business activities, avoiding unauthorized access or modification, ensuring its accuracy and completeness.
  2. Respect intellectual property rights, protecting customer and company information.
  3. Ensure that all information security incidents or suspected security vulnerabilities are reported upwards through the appropriate mechanism and are properly investigated and handled.
  4. Comply with relevant government laws and regulations to achieve the goal of continuous business operations.

V. Responsibilities:

  1. All colleagues should actively participate in and support various information security management systems and implement this policy through appropriate standards and procedures.
  2. All personnel, organizations, service providers, outsourcing vendors, and visitors related to business operations must follow this policy.
  3. All colleagues and outsourcing service providers are responsible for reporting information security incidents or vulnerabilities through the appropriate mechanism.
  4. Any behavior that endangers information security will be held accountable for civil, criminal, and administrative responsibilities according to the severity of the situation or punished according to the Company’s relevant regulations.

VI. Regulations:

The Company’s information security management provisions must comply with relevant government regulations (such as Information and Communication Security Management Act, Criminal Law, National Secrets Protection Act, Patent Law, Trademark Law, Copyright Law, Personal Data Protection Act, etc.).

VII. Implementation:

This policy has been approved by the Chief Information Security Officer (General Manager) and will be implemented on the date of announcement. It will be communicated to the Company and related agencies (institutions), vendors connected with the Company’s operations, in writing, electronically, or by other means, and the same applies to amendments.

Chief Information Security Officer (General Manager)

2023,October 23th.