Chairman Zhang Ruirong
Major Experiences:
Chief Executive Officer of the Company
Chairman of Sanneng Food Utensils (Shares) Company
Director of Xinmai Enterprise (Shares) Company
Xie Shunhe Director
Major Experiences:
Chairman and General Manager of Xinmai Enterprise (Shares) Company
Chairman of Xinmai Machinery (China) Co., Ltd
Chen Laichun, Director
Major Experiences:
General Manager of Sanneng Food Utensils (Shares) Company
General Manager of Sanneng Appliance (Wuxi) Co., Ltd
Director Xiao Kaifeng
主要經歷:
本公司管理中心總監
三能器具(無錫)有限公司總經理
Director Chua Fenglong
Major Experiences:
Deputy Director of the Company’s Technology Research Center
Vice President of Sanneng Food Utensils (Shares) Company
Cheung Chi Ho Director
Major Experiences:
Director of the Company’s Marketing Center
Special assistant to the chairman of Sanneng Appliance (Wuxi) Co., Ltd. and vice president of marketing
Chen Shuijin is an independent director
Major Experiences:
Certified public accountant and director of Yuansheng Certified Public Accountants
Director of Taiwan Baihe Industry Co., Ltd
Independent Director of Zhengxin Rubber Industry Co., Ltd
Independent Director of Merida Industries Co., Ltd
Independent director of Julong Fiber Co., Ltd
Supervisor of Lingjia Technology Co., Ltd
Shi Kunhe is an independent director
Major Experiences:
Director of China Cereal Food Industry Technology Research Institute
Huang Chenyan is an independent director
Major Experiences:
He is a full engineer at the Metal Industry Research and Development Center
|
name |
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience |
Independence Criteria(Note) |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 | |||
Chang, Jui-Jung |
– |
– |
– |
– |
– |
– |
– |
– |
– |
– | |||||||
Hsieh, Shun-Ho |
– |
– |
– |
– |
– |
– | |||||||||||
Chen, Lai-Chun |
– |
– |
– |
– |
– | ||||||||||||
Tsai,Feng-Lung |
– |
– |
– |
– | |||||||||||||
Hsiao, Kai-Feng |
– |
– |
– |
– |
– | ||||||||||||
Chang, Chih-Hao |
– |
– |
– |
– |
– |
– |
– |
– |
– | ||||||||
Huang, Chen-Yen |
– |
– | |||||||||||||||
Shi, Kun-He |
– |
– | |||||||||||||||
Chen, Shuei-Jin |
3 | ||||||||||||||||
Note: Each director meets the following conditions in the two years prior to the election and during his or her term of office:
| |||||||||||||||||
| Chang, Jui-Jung | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience | |||||||||||
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company | |||||||||
– |
– |
V | |||||||||
Independence Criteria(Note) | |||||||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
– |
– |
– |
– |
– |
V |
– |
– |
V |
– |
V |
V |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | |||||||||||
| Hsieh, Shun-Ho | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience | |||||||||||
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company | |||||||||
– |
– |
V | |||||||||
Independence Criteria(Note) | |||||||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
V |
– |
– |
V |
– |
V |
V |
– |
V |
V |
V |
V |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | |||||||||||
| Chen, Lai-Chun | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience | |||||||||||
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company | |||||||||
– |
– |
V | |||||||||
Independence Criteria(Note) | |||||||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
V |
– |
– |
V |
– |
V |
V |
V |
V |
V |
V |
V |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | |||||||||||
| Tsai,Feng-Lung | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience | |||||||||||
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company | |||||||||
– |
– |
V | |||||||||
Independence Criteria(Note) | |||||||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
V |
– |
– |
– |
V |
V |
V |
V |
V |
V |
V |
V |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | |||||||||||
| Chang, Jui-Ching | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience | |||||||||||
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company | |||||||||
– |
– |
V | |||||||||
Independence Criteria(Note) | |||||||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
– |
V |
– |
– |
– |
V |
V |
– |
V |
– |
V |
V |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | |||||||||||
| Chang, Chih-Hao | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience | |||||||||||
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company | |||||||||
– |
– |
V | |||||||||
Independence Criteria(Note) | |||||||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
– |
– |
– |
– |
– |
V |
V |
– |
V |
– |
V |
V |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | |||||||||||
| Huang, Chen-Yen | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience | |||||||||||
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company | |||||||||
– |
– |
V | |||||||||
Independence Criteria(Note) | |||||||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
V |
V |
V |
V |
V |
V |
V |
V |
V |
V |
V |
V |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | |||||||||||
| Wu , Chao-Fu | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience | |||||||||||
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company | |||||||||
V |
– |
V | |||||||||
Independence Criteria(Note) | |||||||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
V |
V |
V |
V |
V |
V |
V |
V |
V |
V |
V |
V |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | |||||||||||
| Chen, Shuei-Jin | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience | |||||||||||
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company | |||||||||
V |
V |
V | |||||||||
Independence Criteria(Note) | |||||||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
V |
V |
V |
V |
V |
V |
V |
V |
V |
V |
V |
V |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | |||||||||||
3 | |||||||||||
The Chief Executive Office, which is responsible for assisting the Board of Directors and the management in formulating and supervising the implementation of the Integrity Management Policy and Prevention Plan, and ensuring the implementation of the Code of Integrity Management, will report to the Board of Directors on its 2023 implementation on December 22, 2023.
In 2023, a total of 28 senior executives participated in the Integrity Management Sharing Education and Training for senior executives, including new trends in corporate integrity, ethical management codes for listed companies, and domestic and foreign case sharing, etc., and provided briefing files for senior executives’ reference.
In addition, the company has also established a complete whistleblowing system and confidentiality and incentive measures for whistleblowing identity and content, and pays attention to the development of relevant norms of integrity management at home and abroad at any time to enhance the implementation of the company’s integrity management.
Report/Complain
Scope
- Those who are related to official business and have violated the principle of ethical integrity or displayed other inappropriate and unfair conduct, where it is provable and necessary to report or lodge a complaint.
- Those who deliberately conceal violations of the principles of ethical integrity or other inappropriate and unfair conduct.
Methods
- Reports/complaints about misconduct can be submitted in writing, voice or e-mail with relevant evidence needs to be attached. It is better if there are specific documents or evidence in any form.
- The confidentiality of the reports or complainants shall be handled in accordance with Article 4 of these Measures.
- If the project team’s investigation found that was intentional malice, defamation, slander or intentional falsification of information in the filed report/complaint the individual filing the report/complaint will be dealt with in accordance with the relevant regulations of the Company or through legal channels.
Grievance channel
e-mail: [email protected] (Audit Supervisor)
address:No. 58, Gongye 8th Rd., Dali Industrial Zone, Dali Dist., Taichung City , Taiwan;Attn: Audit Supervisor
Report/Complain Hotline: +886-4-24921860 ext. 1005 (Audit Office).
Information Security Purposes
To implement information security as well as manage and maintain the Company’s system data, an information security organization has been established to establish and supervise the information security policies and objectives of the Group and its subsidiaries. It is also responsible for promoting and planning various information security management-related affairs, auditing, communication, and coordination, as well as cultivating employees’ information security awareness and ensure the normal operation of the Group’s information environment. At the same time, the “Plan-Do-Check-Act (PDCA)” framework is applied to constantly improve the operating model. Through regular management, promotion, and education and training, the aim is to endow our colleagues with good information security awareness, thereby decreasing various information-related risks and threats and enhance information security defense capabilities.
Information security organizational structure and responsibilities
- Organizational structure
2. Responsibilities
Information Security Committee:
- Review of information security management system and relevant management measures.
- Formulation of information and communication security policy
- Coordination of information security work and resources across units
- Supervision of the use of information assets
- Discussion and confirmation of information security equipment and technology applications
- Supervision and review of information security incident response and handling
- Convening of information security management meetings from time to time to confirm the implementation status of various information security operations and problem improvement
- Regular report on the information security governance and audit to the Board of Directors.
Information Security Audit Team
- Audit of the implementation status of the system
- Development and execution of an internal audit plan of the Group and its subsidiaries
- Tracking of anomaly improvement and suggestion implementation
Information Security Promotion Team
- Implementation of information security activities
- Formulation of relevant information security regulations and measures with the management team
- Execution and tracking of the resolutions by the Information Security Committee and the improvement work at each subsidiary
- Provision of suggestions to the audit performed by the information security audit unit and supervision of the improvement work
Information Security Incident Response Team
- Execution of emergency response measures upon the occurrence of an information security incident or crisis until the closure of an information security incident or crisis.
- Identification of the causes of information security incidents or crises and provision of suggestions about improvement and prevention
Information Security Management Team
- Formulation of relevant information and communication management regulations
- Planning and launch of information security activities
- Establishment of disaster response mechanisms and recovery plans
- Implementation of the improvement work for information security defects
- Planning of information security equipment and technology applications
- Execution of tasks assigned by the Information Security Committee
- Convening of regular management review meetings (Information Security Committee) to report to committee members
Information security policies and management mechanisms
To reinforce the Company’s information security management, ensure the confidentiality, integrity, and availability of various information equipment, as well as to accommodate the needs of different business activities, and comply with relevant laws and regulations, we have devised an information security policy for all employees and external partners to follow to prevent intentional or accidental damages caused by internal/external elements.
- Information security policy objectives
Maintain the ongoing operation of the information assets and systems managed and utilized by SANNENG Group and its subsidiaries, protect them from internal or external man-made/accidental damage, protect data privacy, and prevent data leakage or loss to guarantee stable information services.
- Information security management mechanism
Create an adequate information security management system (ISMS) to handle information-related management details including policy, organization, data center, disaster recovery, personnel safety, physical environment, network security, data backup and recovery, access control, information system development and maintenance, information security event management, etc.
Information Security Controls
- Introduce ISMS in accordance with ISO/IEC27001:2013 international standards.
- Form an information security organization to clarify relevant rights and responsibilities, so that each operation can perform and complete its duties.
- Establish and maintain network-related security operations such as firewall control, remote connection security settings (VPN), intrusion detection and defense mechanisms, etc., to minimize the risk of external cyberattacks.
- All PCs used in the office are installed with anti-virus software, and the virus database is regularly updated. The software works in conjunction with the spam defense system to decrease the risk of cyberattacks and ransomware.
- Regularly organize social engineering drills and information security education and training to enhance employees’ awareness of information security.
- Regularly verify file and system authorization to prevent the risk of authorization failure and data leakage of various departments.
- Employees and contractors must sign a confidentiality agreement to ensure the employees’ responsibility and obligation to confidentiality, and to prevent improper information access, destruction or disclosure.
- Regularly conduct disaster recovery drills for key systems to enhance disaster response capabilities.
- Create a standard reporting mechanism for information security incidents in order to implement follow-up procedures. At the same time, keep a complete record of the incident to facilitate subsequent reviews.
- Regularly host management review meetings and report information security regulation reviews, information security incidents, audit execution, feedback from interested parties, and issues that require ongoing improvement to the Information Security Committee members.
Information security implementation in 2022
February |
|
March |
|
May |
|
June |
|
July |
|
August |
1. Start planning the execution of the annual social engineering drill. |
November |
|
December |
|
Risk management policy and procedure
The board of directors approved the “Risk Management Policy” on April 21, 2018, as the overarching principle of the Company’s risk management.In the Company’s annual summit meeting, the center directors of the Group and the general managers of various subsidiaries conduct risk factor analysis to identify risks that may affect the sustainable development of the Company, so as to define the scope of risk management, monitor potential risks and, implement preventive measures for the sake of bolstering risk management.
Risk management scope
The Company’s risk management is divided into 4 dimensions (financial, customer, internal, and learning/growth). SWOT analysis is applied to analyze various strengths/weaknesses, as well as external opportunities and threats. The company’s risks are listed below, where response measures are developed in each risk scope and carried out by the marketing center, management center, and technical research center. Based on each region’s level of impact of each risk characteristic, various subsidiaries will formulate corresponding countermeasures and execute the plan.
As illustrated in the following table, the Company’s risk management includes the management of “operational risk”, “financial risk”, “supply chain risk”, “raw material risk”, “information security risk”, and “environmental risk”.
Organizational structure
The Company has convened the annual Group summit meeting in Q4 of each year since 2018 and at the summit. Senior executives such as the CEO, center directors, audit supervisors, and general managers of subsidiaries will discuss major risk policies and response strategies for the following year.Since 2020, the meeting has been convened online due to the pandemic, making it possible to discuss all the risk issues in real-time.At the 2022 annual summit meeting, the Group’s 3 center directors, audit supervisors, and general managers of various subsidiaries discussed risk policies and countermeasures that were ultimately confirmed by the CEO and implemented.
Operating conditions
The Company vigorously implements the risk management mechanism and reports to the board of directors once a year.The Company held Group summits during September 27-28 and October 13-14, 2022 to discuss the risk policy and response strategies, as well as report the risk policy and countermeasures of 2022 to the board of directors on December 21, 2022. Furthermore, the risk policy and expected response measures for 2023 were also elaborated on.
Chairman Zhang Ruirong
Major Experiences:
Chief Executive Officer of the Company
Chairman of Sanneng Food Utensils (Shares) Company
Director of Xinmai Enterprise (Shares) Company
Xie Shunhe Director
Major Experiences:
Chairman and General Manager of Xinmai Enterprise (Shares) Company
Chairman of Xinmai Machinery (China) Co., Ltd
Chen Laichun, Director
Major Experiences:
General Manager of Sanneng Food Utensils (Shares) Company
General Manager of Sanneng Appliance (Wuxi) Co., Ltd
Director Xiao Kaifeng
Major Experiences:
Director of the Company’s Management Center
General Manager of Sanneng Appliance (Wuxi) Co., Ltd
Director Chua Fenglong
Major Experiences:
Deputy Director of the Company’s Technology Research Center
Vice President of Sanneng Food Utensils (Shares) Company
Cheung Chi Ho Director
Major Experiences:
Director of the Company’s Marketing Center
Special assistant to the chairman of Sanneng Appliance (Wuxi) Co., Ltd. and vice president of marketing
Chen Shuijin is an independent director
Major Experiences:
Certified public accountant and director of Yuansheng Certified Public Accountants
Independent Director of Zhengxin Rubber Industry Co., Ltd
Independent Director of Merida Industries Co., Ltd
Independent director of Julong Fiber Co., Ltd
Supervisor of Lingjia Technology Co., Ltd
Shi Kunhe is an independent director
Major Experiences:
Director of China Cereal Food Industry Technology Research Institute
Huang Chenyan is an independent director
Major Experiences:
He is a full engineer at the Metal Industry Research and Development Center
|
name |
Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience |
Independence Criteria(Note) |
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University | A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company | Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 | |||
Chang, Jui-Jung |
– |
– |
– |
– |
– |
– |
– |
– |
– |
– | |||||||
Hsieh, Shun-Ho |
– |
– |
– |
– |
– |
– | |||||||||||
Chen, Lai-Chun |
– |
– |
– |
– |
– | ||||||||||||
Tsai,Feng-Lung |
– |
– |
– |
– | |||||||||||||
Hsiao, Kai-Feng |
– |
– |
– |
– | |||||||||||||
Chang, Chih-Hao |
– |
– |
– |
– |
– |
– |
– |
– |
– | ||||||||
Huang, Chen-Yen |
– |
– | |||||||||||||||
Shi, Kun-He |
– |
– | |||||||||||||||
Chen, Shuei-Jin |
– |
3 | |||||||||||||||
Note: Please tick the corresponding boxes that apply to the directors during the two years prior to being elected or during the term of office.
| |||||||||||||||||
The Chief Executive Office, which is responsible for assisting the Board of Directors and the management in formulating and supervising the implementation of the Integrity Management Policy and Prevention Plan, and ensuring the implementation of the Code of Integrity Management, will report to the Board of Directors on the implementation of the 2024 Code of Integrity on December 25, 2024.
In 2024, a total of 12 directors and managers participated in the Integrity Management Sharing Education and Training, which included the Code of Ethical Management, Laws and Regulations Related to Insider Trading/Vesting Rights and the Code of Corporate Governance Practices, etc., and provided briefing files for the reference of directors and managers.
In addition, the company has also established a complete whistleblowing system and confidentiality and incentive measures for whistleblowing identity and content, and pays attention to the development of relevant norms of integrity management at home and abroad at any time to enhance the implementation of the company’s integrity management.
Report/Complain
Scope
- Those who are related to official business and have violated the principle of ethical integrity or displayed other inappropriate and unfair conduct, where it is provable and necessary to report or lodge a complaint.
- Those who deliberately conceal violations of the principles of ethical integrity or other inappropriate and unfair conduct.
Methods
- Reports/complaints about misconduct can be submitted in writing, voice or e-mail with relevant evidence needs to be attached. It is better if there are specific documents or evidence in any form.
- The confidentiality of the reports or complainants shall be handled in accordance with Article 4 of these Measures.
- If the project team’s investigation found that was intentional malice, defamation, slander or intentional falsification of information in the filed report/complaint the individual filing the report/complaint will be dealt with in accordance with the relevant regulations of the Company or through legal channels.
Grievance channel
e-mail: [email protected] (Audit Supervisor)
address:No. 58, Gongye 8th Rd., Dali Industrial Zone, Dali Dist., Taichung City , Taiwan;Attn: Audit Supervisor
Report/Complain Hotline: +886-4-24921860 ext. 1005 (Audit Office).
Information Security Purposes
To implement information security as well as manage and maintain the Company’s system data, an information security organization has been established to establish and supervise the information security policies and objectives of the Group and its subsidiaries. It is also responsible for promoting and planning various information security management-related affairs, auditing, communication, and coordination, as well as cultivating employees’ information security awareness and ensure the normal operation of the Group’s information environment. At the same time, the “Plan-Do-Check-Act (PDCA)” framework is applied to constantly improve the operating model. Through regular management, promotion, and education and training, the aim is to endow our colleagues with good information security awareness, thereby decreasing various information-related risks and threats and enhance information security defense capabilities.
Information security organizational structure and responsibilities
- Organizational structure
2. Responsibilities
Information Security Committee:
- Review of information security management system and relevant management measures.
- Formulation of information and communication security policy
- Coordination of information security work and resources across units
- Supervision of the use of information assets
- Discussion and confirmation of information security equipment and technology applications
- Supervision and review of information security incident response and handling
- Convening of information security management meetings from time to time to confirm the implementation status of various information security operations and problem improvement
- Regular report on the information security governance and audit to the Board of Directors.
Information Security Audit Team
- Audit of the implementation status of the system
- Development and execution of an internal audit plan of the Group and its subsidiaries
- Tracking of anomaly improvement and suggestion implementation
Information Security Promotion Team
- Implementation of information security activities
- Formulation of relevant information security regulations and measures with the management team
- Execution and tracking of the resolutions by the Information Security Committee and the improvement work at each subsidiary
- Provision of suggestions to the audit performed by the information security audit unit and supervision of the improvement work
Information Security Incident Response Team
- Execution of emergency response measures upon the occurrence of an information security incident or crisis until the closure of an information security incident or crisis.
- Identification of the causes of information security incidents or crises and provision of suggestions about improvement and prevention
Information Security Management Team
- Formulation of relevant information and communication management regulations
- Planning and launch of information security activities
- Establishment of disaster response mechanisms and recovery plans
- Implementation of the improvement work for information security defects
- Planning of information security equipment and technology applications
- Execution of tasks assigned by the Information Security Committee
- Convening of regular management review meetings (Information Security Committee) to report to committee members
2024 information security implementation
February |
|
March |
|
April |
|
May |
|
June |
|
August |
1. Complete the disaster recovery drill arrangement – mail server and Dingxin report server. |
November |
|
December |
|
2023 information security implementation
January |
|
February |
|
March |
|
May |
|
June |
|
July |
1. Complete vulnerability scanning and penetration testing, and produce analysis reports. |
August |
|
September |
|
October |
|
November |
|
Risk management policy and procedure
On April 21, 2018, the Board of Directors approved the Risk Management Policy as the highest guiding principle for the Company’s risk management to ensure the Company’s sound operation and sustainable development, and as the basis for various risk management and implementation of the Group’s headquarters and subsidiaries. The Company’s risk management policy is in accordance with some of the provisions of the Financial Supervision and Administration Commission’s Circular No. 10000621315 dated December 21, 100, amending the “Guidelines for the Establishment of Internal Control Systems by Public Companies”, formulating appropriate risk management policies and procedures, and establishing an effective risk management mechanism to assess and supervise its risk taking capacity, the current status of risks it has tolerated, and the determination of risk response strategies and compliance with risk management procedures.
Every year, at the Group Summit, the directors of each center and the general manager of each subsidiary of the Company conduct risk factor judgment, so as to identify the relevant risks that may affect the sustainable development of the company, screen out the scope of risk management, monitor potential risks and implement preventive measures, in addition to strengthening risk management, and formulate annual operation strategies as the key implementation work for the next year.
At the end of the year, the conclusions of the summit will be submitted to the CEO and the CEO for approval, and then sent to the “Investment Risk Decision Committee” for review before submitting a report to the board of directors.
Risk management scope
The Company’s risk management area analyzes various strengths and weaknesses, as well as opportunities and threats from the external environment, through the four aspects of financial aspects, customer aspects, internal process aspects and learning and growth aspects, and formulates countermeasures in each risk area. The Company’s risk management scope includes “credit risk”, “market risk”, “liquidity risk”, “operational risk”, “supply chain risk”, “financial and accounting risk” (including risks such as high-risk and highly leveraged investment, capital lending to others, endorsement guarantee and derivative commodity trading operations) and “other risks” (including information security risk). The management center and the technical research center undertake, according to the impact of each risk characteristics in each region, each subsidiary formulates countermeasures and carries out the implementation plan.
Organizational structure
The company’s risk management system is organized by the chief executive officer’s office to coordinate the annual operation, through the first stage of analysis and discussion by the directors of the three major centers of the group, and in the second stage, the heads of each subsidiary at or above the vice president level and above discussed with each other according to the characteristics of the region, and then submitted to the group’s risk management and investment decision-making committee before submitting to the board of directors of the group, the organizational chart is as follows:
Operational status and results of implementation in 2024
Since 2018, the Company has held a Group Summit in the fourth quarter of each year, at which senior executives such as the Chief Executive Officer, the directors of each center, the head of audit, and the general manager of the subsidiaries discussed the major risk policies and response strategies for the following year, and reported the conclusions to the Board of Directors at the end of the year. In 2020, due to the pandemic, the event was held online, but it was also possible to discuss all risk issues in a more immediate manner.
Since the end of 2022, as the epidemic has gradually eased and countries around the world have begun to lift epidemic prevention and control measures, the company has resumed the format of physical meetings. From September 3 to 4, 2024, the Company held the first phase of the review meeting of the summit by the directors and audit supervisors of the three major centers to formulate the SWOT of the company as a whole in 2024, and held the second phase of the discussion meeting in Wuxi Sanneng subsidiary in mainland China from September 26 to 28, during which the three center directors, audit directors and deputy general manager or above of each subsidiary discussed the risk policies and response strategies, and analyzed the cross-impact of the SWOT internal organization and the external environment. By analyzing the level of “Incidence P” (1~3) and “Impact I” (1~3), when the multiplier of the two exceeds 6, it is defined as having a high risk, so it is necessary to formulate countermeasures and set strategic measurement objectives to generate a “Risk Assessment Countermeasure Table”. Then, based on the resulting risk assessment countermeasure table, the key indicators and action plan for 2025 will be formulated. Finally, it will be confirmed by the CEO and implemented by Buda as the basis for the operating strategy and key work plan of the Group and its subsidiaries in 2025. It will be submitted to the Board of Directors of the Group after the meeting of the Group’s Investment Risk Decision Committee.