The cyber security policies:
- Raise awareness of cyber security
- Prioritize data access control
- Enhance data security protection
- Ensure business continuity
The cyber security objectives:
- Conduct regular training to raise employees' awareness of cyber security
- Perform regular permission reviews and implement network segmentation
- Run routine backup jobs to maintain high data availability
- Conduct disaster recovery drills to ensure business continuity
Cyber Security Responsibilities and Duties:
Cyber Security Committee:
Chairperson:
The General Manager of the company serves as the Chairperson of the Cyber Security Committee, responsible for reviewing the cyber security policies and objectives.
Convener:
The highest-ranking officer of the IT department serves as the Convener, ensuring that the cyber security policies and objectives align with the organization's strategic direction, driving continuous improvement, and tracking and compiling reports on cyber security activities.
Executive Secretary:
Appointed by the Convener, a member of the IT department serves as the Executive Secretary, coordinating cyber security-related operations carried out by the Cyber Security Implementation Team and the Incident Response Team.
Cyber Security Execution Team:
Formed on a task-based basis, the team leader and members are appointed by the Executive Secretary. The team is responsible for executing various cyber security activities.
Emergency Response Team:
Also formed on a task-based basis, the team leader is appointed by the Executive Secretary, and team members are designated from key business process owners. The team is responsible for resolving cyber security issues and improving preventive measures.
Cyber Security Audit Team:
Appointed by the Chairperson of the Cyber Security Committee, the team is responsible for evaluating the implementation status of the cyber security management system.
Cyber Security Specific Management Plan:
To enhance cyber security management, the company established the "Cyber Security Management Committee" in February 2022 (Republic of China Year 111). This committee is responsible for reviewing the cyber security governance policies of the company and its subsidiaries, overseeing the operations of cyber security management, and holding regular "ISMS Management Review Meetings" to address cyber security governance issues and promote continuous improvement. The goal is to establish and ensure the applicability of cyber security policies.
The Chairperson of the "Cyber Security Management Committee" is the General Manager, and the Convener is the highest-ranking officer of the IT department. They are responsible for cyber security governance, planning, supervision, and driving execution to build a comprehensive cyber security defense capability and foster strong cyber security awareness among employees.
The core focus of the cyber security strategy revolves around three areas: cyber security governance, legal compliance, and technological application. The approach spans from systems to technology, and from personnel to organization, with a comprehensive effort to enhance cyber security protection capabilities.
In accordance with the regulations outlined in the cyber security control guidelines for publicly listed companies, an IT manager and several professional IT personnel have been assigned to execute cyber security operations, ensure the implementation of cyber security policies, and handle emergency cyber security incidents. All relevant personnel receive professional training in cyber security every year.
To strengthen the ability to monitor cyber security intelligence and respond to cyber security incidents, the company has joined the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC). Through this collaborative defense organization, the company enhances its security protection plans and ensures that skilled emergency response procedures are in place to properly handle unforeseen cyber security incidents.
In light of current emerging cyber security trends such as DDoS (Distributed Denial of Service) attacks, ransomware, social engineering attacks, and phishing websites, the company regularly monitors cyber security issues and develops response plans. These plans include conducting drills for various cyber security scenarios to strengthen the response capabilities of personnel, ensuring that any threats can be detected and blocked promptly. Additionally, regular security audits, such as vulnerability scans or penetration testing, are conducted to ensure that the cyber security systems and network environments comply with security implementation standards.
To address the challenges posed by cyber security threats such as APT (Advanced Persistent Threat) attacks, DDoS attacks, ransomware, social engineering, and data theft, the company has planned the following strategies:
- Conduct annual security assessments, cyber security health checks, social security evaluations, and cyber security incident drills.
- Strengthen the cyber security crisis awareness of employees and the response capabilities of cyber security personnel to prevent, detect, and effectively block threats in a timely manner.
- Annually announce and promote cyber security policies, and cultivate employees with cyber security certifications.
- Provide cyber security education and training for all employees, with each person receiving at least 2 hours of training per year.
- Report to the board of directors at least once a year, summarizing the annual cyber security risk status and actions taken.