The term of office of the current board of directors is from June 20, 2023 to June 19, 2026, and has met 17 times so far

Title name Times actually attending (B) Times in Attendance by Proxy Actual attendance rate (B/A)
Chairperson
Chang, Jui-Jung
17

0

100%
Director
Hsieh, Shun-Ho
15

2

88%
Director
Chen, Lai-Chun
17

0

100%
Director
Tsai,Feng-Lung
17

0

100%
Director
Hsiao, Kai-Feng
17

0

100%
Director
Chang, Chih-Hao
16

1

94%
Independent Director
Chen, Shuei-Jin
17

0

100%
Independent Director
Shi, Kun-He
17

0

100%
Independent Director
Huang, Chen-Yen
17

0

100%

Training undertaken by the Directors were as follows:

Title name Total number of training hours in 2025 Whether the further training meets the regulations
Chairperson
Chang, Jui-Jung
6.0
V
Director
Hsieh, Shun-Ho
6.0
V
Director
Chen, Lai-Chun
6.0
V
Director
Tsai,Feng-Lung
9.0
V
Director
Hsiao, Kai-Feng
9.0
V
Director
Chang, Chih-Hao
6.0
V
Independent Director
Chen, Shuei-Jin
18.0
V
Independent Director
Shi, Kun-He
6.0
V
Independent Director
Huang, Chen-Yen
6.0
V

For more details, please visit MOPS

Board performance evaluation

Since 2019, relevant self-evaluation questionnaires have been sent in December every year, and the coordinating executive unit will collect the data and record the evaluation results, and report the performance evaluation results at the most recent board meeting of the following year.

On March 12, 2025, the results of the 2024 annual performance evaluation were submitted to the board of directors, and the implementation status of the evaluation is as follows:

Scope of assessment Evaluate the content Evaluate the results

■Overall board of directors

■Individual board members

■Audit Committee

■Remuneration Committee

■Other functional committees

1. The evaluation items of the board of directors performance include the following five aspects:

(1) The degree of participation in the company’s operations.

(2) Improve the quality of board decision-making.

(3) Composition and structure of the board of directors.

(4) Election and continuing education of directors.

(5) Internal control.

1. There are a total of 45 performance evaluation items of the board of directors, and the average score of the conversion score is 96.54 points.

2. The evaluation items for the performance evaluation of director members include the following six aspects:

(1) Grasp the company’s goals and tasks.

(2) Awareness of directors’ responsibilities.

(3) The degree of participation in the company’s operations.

(4) Internal relationship management and communication.

(5) Professional and continuing education of directors.

(6) Internal control.

2. There are a total of 23 performance evaluation items for board members, with an average score of 97.29 points.

3. The performance evaluation items of the audit committee include the following five aspects:

(1) The degree of participation in the company’s operations.

(2) Awareness of the responsibilities of functional committees.

(3) Improve the quality of decision-making by functional committees.

(4) Composition and election of functional committees.

(5) Internal control.

3. There are a total of 22 performance evaluation items of the audit committee, and the average score of the conversion score is 96.06 points.

4. The performance evaluation items of the Remuneration Committee include the following five aspects:

(1) The degree of participation in the company’s operations.

(2) Awareness of the responsibilities of functional committees.

(3) Improve the quality of decision-making by functional committees.

(4) Composition and election of functional committees.

(5) Internal control.

4. There are a total of 22 performance evaluation items of the Remuneration Committee, and the average score of the conversion score is 97.27 points.

5. The evaluation items of the performance evaluation of the Investment Risk Decision-Making Committee include the following five aspects:

(1) The degree of participation in the company’s operations.

(2) Awareness of the responsibilities of functional committees.

(3) Improve the quality of decision-making by functional committees.

(4) Composition and election of functional committees.

(5) Internal control.

5. There are a total of 17 performance evaluation items of the Investment Risk Decision-Making Committee, and the average score of the conversion score is 95.69 points.

6. The performance evaluation items of the Nomination Committee include the following four aspects:

(1) The degree of participation in the company’s operations.

(2) Awareness of the responsibilities of functional committees.

(3) Improve the quality of decision-making by functional committees.

(4) Composition and election of functional committees.

6. There are a total of 19 performance evaluation items of the Nomination Committee, and the average score of the conversion score is 93.68 points.

The overall evaluation results are above 90 points, indicating that the overall operation of the Company’s board of directors is sound and in line with corporate governance.

Implementation of Corporate Governance

Implementation of internal regulations on integrity management and insiders’ prohibition of insider trading:

The company’s ethical management unit is responsible for assisting the board of directors and management in formulating and supervising the implementation of ethical management policies and prevention plans to ensure the implementation of the ethical management code, and the unit reported its implementation status to the board of directors on December 23, 2025.

This year, the “Code of Ethical Management” education and training was held for directors and managers in 2025, with a total of 12 participants, and the course content included: the Code of Ethical Management, laws and regulations related to insider trading/vesting rights, and the Code of Practice on Corporate Governance, etc., and provided presentation files for directors and managers to refer to.

In addition, the company has also established a complete whistleblowing system and confidentiality and incentive measures for whistleblowing identity and content, and pays attention to the development of relevant norms of integrity management at home and abroad at any time to enhance the implementation of the company’s integrity management.

Date Topic Hours # of Participants
2025.12.23
Code of Ethical Management
1
12

Before the annual meeting of the Board of Directors, the Company reminds the Directors not to trade their shares during the closed period 30 days before the announcement of the annual financial report and 15 days before the announcement of the quarterly financial report.
The Company notifies all directors by email of the dates of the four board meetings in 2025 and the closed period before the announcement of each quarterly financial report, and reminds them again by e-mail 7 days before the start of the closed period to prevent directors from accidentally violating the regulations.
In 2025, insiders are not allowed to trade during the closed period announced in the financial report.

Financial Reporting Period The date of the announcement of the board meeting During the lockdown period Implement precautionary measures

2024 Q4 Financial Report

2025.03.12

2025.02.11~2025.03.12

The company will send an email in advance to notify the relevant insiders that they are prohibited from trading in the company’s issued securities during the closed period as a precautionary measure.
Insiders of the Company shall not violate the provisions of Article 157-1 of the Securities and Exchange Act on the period of information precipitation.

Financial report for the first quarter of 2025
2025.05.09
2025.04.25~2025.05.09
2025 Q2 Financial Report
2025.08.20
2025.08.06~2025.08.20
Financial Report for the Third Quarter of 2025
2025.11.12
2025.10.29~2025.11.12

intellectual property


The Company regularly submits intellectual property-related matters to the Board of Directors, with the most recent submission date being November 12, 2025.

List of SANNENG Group’s patents and achievements:

  • As of October 31, 2025, the Group had a total of 214 patent applications, including 18 “invention” patents, 161 “utility” patents, and 11 “design” patents, totaling 190 patents. 15 “invention” patents and 9 “new model” patents are under review and application, for a total of 24 patents.
  • Taiwan: 40 patents have been obtained, and 4 patents are under review.
  • China: 141 patents have been obtained, and 20 patents are under review and application.
  • Japan: 9 patents have been obtained.

Get verified

In the increasingly fierce competition in the global market, the important value of intellectual property has a key impact on the survival of enterprises. Company
Wuxi Sanneng, an important subsidiary, has obtained the intellectual property management system certification in 2022, and its certificate is valid until May 19, 2025.
certificate

In August 2021, the board of directors approved the creation of a full-time unit for “corporate governance and corporate social responsibility”, and appointed the Company’s financial manager as the director of corporate governance.Report directly to the CEO on corporate governance-related matters including convening meetings for the board of directors, audit committee, remuneration committee, and shareholders’ meeting according to law; assisting the appointment of directors and their continuing education; providing directors with the necessary information for conducting business; helping directors to comply with laws and regulations, and so on.

Information regarding the corporate governance directors’ academic experiences and further education are illustrated below:

Chen, Liu-Yu , Chief Financial Officer
Education:: Master of Accounting, National Chengchi University

Experienced: Associate manager of Qinye Zhongxin United Accounting Firm
Taoyuan International Airport Co., Ltd. audit

Manager of Sanneng Group Holding Co., Ltd

Competency: Passed the Taiwan CPA examination
Date Hosting Organization Couse Hours Total hours
2025/03/19
Taiwan Institute of Financial Research
Corporate Governance Lecture Hall
3.0
36.0

2025/05/28~2025/05/29

Securities and Futures Institute
Practical study on sustainability disclosure of listed companies
9.0
2025/07/09
TWSE
2025 Cathay Pacific Sustainable Finance and Climate Change Summit
6.0
2025/08/15
TWSE
CDP corresponds to IFRS S2 problem analysis promotion courses
6.0
2025/09/26
Securities and Futures Institute
114th Annual Insider Trading Prevention Promotion Meeting
3.0
2025/10/01
Taiwan Institute of Financial Research
Corporate Governance Forum
3.0
2025/10/31
Securities and Futures Institute
114th annual insider equity trading legal compliance publicity briefing
3.0
2025/12/10
Securities and Futures Institute
Seminar on “New Thinking for Corporate Hedging: Navigating Exchange Rate Challenges and Asset Management Trends”
3.0

Implementation of Corporate Governance

Description Date

Board of Director Training

The Company arranges on-site training every year and provides courses based on the Company’s business operations, economic situation or professional competence

Corporate Governance Evaluation

Evaluation results of all listed companies: 36% ~ 50%
Classification by industry – market value less than 50 billion yuan Evaluation results: 2% ~ 10%

2024

Board Performance Review

Director attendance rate reached 98.41% in 2024

2025/03/12

Director attendance rate reached 98.41% in 2024

Irregular

The Company has an Investment Risk Decision-Making Committee, which meets regularly and reports to the Board of Directors
(Held twice in FY2025)

2025/03/12
2025/12/23

Other Material Matters

Report the information security management system to the board of directors

2025/03/12

Report the implementation of intellectual property to the board of directors

2025/11/12

Report the implementation of risk management and policy to the board of directors

2025/12/23

Report the result of communicating with stakeholders to the board of director

2025/12/23

Report on the results of the implementation of the Code of Ethical Management

2025/12/23

Information Security Purposes

To implement information security as well as manage and maintain the Company’s system data, an information security organization has been established to establish and supervise the information security policies and objectives of the Group and its subsidiaries. It is also responsible for promoting and planning various information security management-related affairs, auditing, communication, and coordination, as well as cultivating employees’ information security awareness and ensure the normal operation of the Group’s information environment. At the same time, the “Plan-Do-Check-Act (PDCA)” framework is applied to constantly improve the operating model. Through regular management, promotion, and education and training, the aim is to endow our colleagues with good information security awareness, thereby decreasing various information-related risks and threats and enhance information security defense capabilities.

Information security organizational structure and responsibilities

  1. Organizational structure

資訊安全 英 20230117 030819

2. Responsibilities

Information Security Committee:

  • Review of information security management system and relevant management measures.
  • Formulation of information and communication security policy
  • Coordination of information security work and resources across units
  • Supervision of the use of information assets
  • Discussion and confirmation of information security equipment and technology applications
  • Supervision and review of information security incident response and handling
  • Convening of information security management meetings from time to time to confirm the implementation status of various information security operations and problem improvement
  • Regular report on the information security governance and audit to the Board of Directors.

Information Security Audit Team

  • Audit of the implementation status of the system
  • Development and execution of an internal audit plan of the Group and its subsidiaries
  • Tracking of anomaly improvement and suggestion implementation

Information Security Promotion Team

  • Implementation of information security activities
  • Formulation of relevant information security regulations and measures with the management team
  • Execution and tracking of the resolutions by the Information Security Committee and the improvement work at each subsidiary
  • Provision of suggestions to the audit performed by the information security audit unit and supervision of the improvement work

Information Security Incident Response Team

  • Execution of emergency response measures upon the occurrence of an information security incident or crisis until the closure of an information security incident or crisis.
  • Identification of the causes of information security incidents or crises and provision of suggestions about improvement and prevention

Information Security Management Team

  • Formulation of relevant information and communication management regulations
  • Planning and launch of information security activities
  • Establishment of disaster response mechanisms and recovery plans
  • Implementation of the improvement work for information security defects
  • Planning of information security equipment and technology applications
  • Execution of tasks assigned by the Information Security Committee
  • Convening of regular management review meetings (Information Security Committee) to report to committee members

Information security policies and management mechanisms

To reinforce the Company’s information security management, ensure the confidentiality, integrity, and availability of various information equipment, as well as to accommodate the needs of different business activities, and comply with relevant laws and regulations, we have devised an information security policy for all employees and external partners to follow to prevent intentional or accidental damages caused by internal/external elements.

  1. Information security policy objectives

Maintain the ongoing operation of the information assets and systems managed and utilized by SANNENG Group and its subsidiaries, protect them from internal or external man-made/accidental damage, protect data privacy, and prevent data leakage or loss to guarantee stable information services.

  1. Information security management mechanism

Create an adequate information security management system (ISMS) to handle information-related management details including policy, organization, data center, disaster recovery, personnel safety, physical environment, network security, data backup and recovery, access control, information system development and maintenance, information security event management, etc.

Information Security Controls

  1. Introduce ISMS in accordance with ISO/IEC27001:2013 international standards.
  2. Form an information security organization to clarify relevant rights and responsibilities, so that each operation can perform and complete its duties.
  3. Establish and maintain network-related security operations such as firewall control, remote connection security settings (VPN), intrusion detection and defense mechanisms, etc., to minimize the risk of external cyberattacks.
  4. All PCs used in the office are installed with anti-virus software, and the virus database is regularly updated. The software works in conjunction with the spam defense system to decrease the risk of cyberattacks and ransomware.
  5. Regularly organize social engineering drills and information security education and training to enhance employees’ awareness of information security.
  6. Regularly verify file and system authorization to prevent the risk of authorization failure and data leakage of various departments.
  7. Employees and contractors must sign a confidentiality agreement to ensure the employees’ responsibility and obligation to confidentiality, and to prevent improper information access, destruction or disclosure.
  8. Regularly conduct disaster recovery drills for key systems to enhance disaster response capabilities.
  9. Create a standard reporting mechanism for information security incidents in order to implement follow-up procedures. At the same time, keep a complete record of the incident to facilitate subsequent reviews.
  10. Regularly host management review meetings and report information security regulation reviews, information security incidents, audit execution, feedback from interested parties, and issues that require ongoing improvement to the Information Security Committee members.

Information security implementation in 2022

February


1. Complete a social engineering analysis report.
2. Completed the information security promotion team to conduct information security publicity.
3. Completed the first draft of the Information Security Management System Specification (ISMS), which included a policy, 18 procedures, 6 work instructions and 24 forms.

March


1. The first draft of the Information Security Management System Specification (ISMS) has been reviewed.
2. Complete the information security health check.
3. Members of the information security promotion team in each district conducted follow-up information security promotion in each region (including colleagues who clicked on the link during the social engineering drill).
4. Begin the evaluation and adjustment of the virtual server host architecture, which is scheduled to be completed in November 2022.

May


1. Information security staff completed 40 hours of information security international certification education and training.
2. Completed the first information security management committee management review meeting of the Information Security Management System Specification (ISMS) in 2022.

June


1. The Information Security Management System Specification (ISMS) was piloted.
2. Completed the disaster recovery drill – HRM personnel system and File server.

July


1. Started to improve the hardware environment and stability, including replacing old WinXP and Win 7 computers, patching and other work items to reduce information security risks.

August
1. Start planning the execution of the annual social engineering drill.
November


1. Complete the acceptance of the virtual server host and make a closing report.
2. Completed the second information security management committee management review meeting of the Information Security Management System Specification (ISMS) in 2022.

December


1. Completed the disaster recovery drill – Dingxin TIPTOP ERP system

Shopping Cart