The term of office of the current Board of Directors runs from June 20, 2023 to June 19, 2026; the Board has met 6 times so far.

| Title | Name | Times actually attending (B) | Times in Attendance by Proxy | Actual attendance rate (B/A) |
|---|---|---|---|---|
| Chairperson | Chang, Jui-Jung | 6 | 0 | 100% |
| Director | Hsieh, Shun-Ho | 6 | 0 | 100% |
| Director | Chen, Lai-Chun | 6 | 0 | 100% |
| Director | Tsai, Feng-Lung | 6 | 0 | 100% |
| Director | Hsiao, Kai-Feng | 6 | 0 | 100% |
| Director | Chang, Chih-Hao | 6 | 0 | 100% |
| Independent Director | Chen, Shuei-Jin | 6 | 0 | 100% |
| Independent Director | Shi, Kun-He | 6 | 0 | 100% |
| Independent Director | Huang, Chen-Yen | 6 | 0 | 100% |

Training undertaken by the Directors was as follows:

| Title | Name | Hours | Whether the further training meets the regulations |
|---|---|---|---|
| Chairperson | Chang, Jui-Jung | 6.0 | V |
| Director | Hsieh, Shun-Ho | 6.0 | V |
| Director | Chen, Lai-Chun | 9.0 | V |
| Director | Tsai, Feng-Lung | 6.0 | V |
| Director | Hsiao, Kai-Feng | 6.0 | V |
| Director | Chang, Chih-Hao | 6.0 | V |
| Independent Director | Chen, Shuei-Jin | 18.0 | V |
| Independent Director | Shi, Kun-He | 12.0 | V |
| Independent Director | Huang, Chen-Yen | 6.0 | V |

For more details, please visit MOPS

Implementation of Corporate Governance

The implementation of internal regulations on integrity management and insiders’ prohibition of insider trading

The Chief Executive Office is responsible for assisting the Board of Directors and management in formulating and supervising the implementation of ethical management policies and prevention plans, and for ensuring the implementation of the Ethical Management Code of Directors and the Ethical Management Principles. The unit reported to the Board of Directors on its 2023 implementation on December 22, 2023.

In 2023, a total of 28 senior executives participated in the Integrity Management Sharing education and training for senior executives, which covered new trends in corporate integrity, ethical management codes for listed companies, and domestic and foreign case sharing, among other topics. Briefing files were provided for the senior executives’ reference.

In addition, the Company has established a complete whistleblowing system, together with confidentiality and incentive measures covering whistleblowers’ identity and the content of their reports, and keeps track of developments in integrity management norms at home and abroad to strengthen the implementation of the Company’s integrity management.

| Date | Topic | Hours | # of Participants |
|---|---|---|---|
| 10/17 | Integrity management sharing | 1 | 28 |

Intellectual Property

The Company regularly reports to the Board of Directors on matters relating to intellectual property, the most recent of which was made on December 22, 2023.

List of SANNENG Group’s patents and achievements:

  • As of October 31, 2023, the Group has filed a total of 192 patent applications, including 15 approved “invention” patents, 142 “model” patents and 12 “design” patents, totaling 169 patents, and 15 “invention” patents and 8 “model” patents under review and application, totaling 23 patents.
  • Taiwan: 34 patents have been obtained, and 5 patents are under review.
  • China: 126 patents have been obtained, and 18 patents are under review and pending.
  • Japan: 9 patents have been obtained.

In August 2021, the board of directors approved the creation of a full-time unit for “corporate governance and corporate social responsibility”, and appointed the Company’s financial manager as the director of corporate governance. The director reports directly to the CEO on corporate governance-related matters, including convening meetings of the board of directors, audit committee, remuneration committee, and shareholders’ meeting according to law; assisting with the appointment of directors and their continuing education; providing directors with the necessary information for conducting business; helping directors to comply with laws and regulations; and so on.

The corporate governance director’s education, experience and further training are shown below:

Chen, Liu-Yu, Chief Financial Officer
Education: Master of Accounting, National Chengchi University

Experience:
Associate Manager of Qinye Zhongxin United Accounting Firm
Audit of Taoyuan International Airport Co., Ltd
Manager of Sanneng Group Holdings Co., Ltd

Competency: Passed the Taiwan CPA examination
| Date | Hosting Organization | Course | Hours | Total hours |
|---|---|---|---|---|
| 2023/05/23 | TWSE | Publicity meeting on the sustainable development action plan of listed companies | 3.0 | 21.0 |
| 2023/06/02 | Chamber of Commerce and Industry of the Republic of China | 2023 New Net Zero Power Summit Forum | 3.0 | |
| 2023/06/02 | Securities and Futures Institute | 112 Annual Insider Trading Prevention Advocacy Meeting | 3.0 | |
| 2023/07/04 | TWSE | 2023 Cathay Pacific Sustainable Finance & Climate Change Summit | 6.0 | |
| 2023/09/22 | Chinese Corporate Governance Association | Net Zero Sustainable Talent Incubation Class [Central] - Carbon sinks, carbon rights and carbon trading | 9.0 | |
| 2023/12/08 | Securities and Futures Institute | 112 Annual Insider Equity Transaction Legal Compliance Publicity and Briefing Meeting | 3.0 | |

Implementation of Corporate Governance

| | Description | Date |
|---|---|---|
| Board of Director Training | The Company arranges on-site training every year and provides courses based on the Company’s business operations, economic situation or professional competence | |
| Corporate Governance Evaluation | Result: 21% ~ 35% | 2022 |
| Board Performance Review | 98% attendance of directors in 2022 | 2023/03/22 |
| Other Material Matters | If important regulations change, the Company will send out notifications | Irregular |
| | The Company has the Risk and Investment Decision-Making Committee, which holds regular meetings and reports to the board of directors | At least once in the first and second half of the year |
| | Report the information security management system to the board of directors | 2023/03/22 |
| | Report the implementation of intellectual property to the board of directors | 2023/12/22 |
| | Report the implementation of risk management and policy to the board of directors | 2023/12/22 |
| | Report the result of communicating with stakeholders to the board of directors | 2023/12/22 |

Information Security Purposes

To implement information security and to manage and maintain the Company’s system data, an information security organization has been established to set and supervise the information security policies and objectives of the Group and its subsidiaries. It is also responsible for promoting and planning various information security management-related affairs, auditing, communication, and coordination, as well as cultivating employees’ information security awareness and ensuring the normal operation of the Group’s information environment. At the same time, the “Plan-Do-Check-Act (PDCA)” framework is applied to constantly improve the operating model. Through regular management, promotion, and education and training, the aim is to give our colleagues good information security awareness, thereby decreasing various information-related risks and threats and enhancing information security defense capabilities.

Information security organizational structure and responsibilities

  1. Organizational structure

[Figure: information security organizational structure chart]

  2. Responsibilities

Information Security Committee:

  • Review of information security management system and relevant management measures.
  • Formulation of information and communication security policy
  • Coordination of information security work and resources across units
  • Supervision of the use of information assets
  • Discussion and confirmation of information security equipment and technology applications
  • Supervision and review of information security incident response and handling
  • Convening of information security management meetings from time to time to confirm the implementation status of various information security operations and problem improvement
  • Regular report on the information security governance and audit to the Board of Directors.

Information Security Audit Team

  • Audit of the implementation status of the system
  • Development and execution of an internal audit plan of the Group and its subsidiaries
  • Tracking of anomaly improvement and suggestion implementation

Information Security Promotion Team

  • Implementation of information security activities
  • Formulation of relevant information security regulations and measures with the management team
  • Execution and tracking of the resolutions by the Information Security Committee and the improvement work at each subsidiary
  • Provision of suggestions to the audit performed by the information security audit unit and supervision of the improvement work

Information Security Incident Response Team

  • Execution of emergency response measures upon the occurrence of an information security incident or crisis until the closure of an information security incident or crisis.
  • Identification of the causes of information security incidents or crises and provision of suggestions about improvement and prevention

Information Security Management Team

  • Formulation of relevant information and communication management regulations
  • Planning and launch of information security activities
  • Establishment of disaster response mechanisms and recovery plans
  • Implementation of the improvement work for information security defects
  • Planning of information security equipment and technology applications
  • Execution of tasks assigned by the Information Security Committee
  • Convening of regular management review meetings (Information Security Committee) to report to committee members

Information security policies and management mechanisms

To reinforce the Company’s information security management, ensure the confidentiality, integrity, and availability of various information equipment, as well as to accommodate the needs of different business activities, and comply with relevant laws and regulations, we have devised an information security policy for all employees and external partners to follow to prevent intentional or accidental damages caused by internal/external elements.

  1. Information security policy objectives

Maintain the ongoing operation of the information assets and systems managed and utilized by SANNENG Group and its subsidiaries, protect them from internal or external man-made/accidental damage, protect data privacy, and prevent data leakage or loss to guarantee stable information services.

  2. Information security management mechanism

Create an adequate information security management system (ISMS) to handle information-related management details including policy, organization, data center, disaster recovery, personnel safety, physical environment, network security, data backup and recovery, access control, information system development and maintenance, information security event management, etc.

Information Security Controls

  1. Introduce ISMS in accordance with ISO/IEC 27001:2013 international standards.
  2. Form an information security organization to clarify relevant rights and responsibilities, so that each operation can perform and complete its duties.
  3. Establish and maintain network-related security operations such as firewall control, remote connection security settings (VPN), intrusion detection and defense mechanisms, etc., to minimize the risk of external cyberattacks.
  4. All PCs used in the office are installed with anti-virus software, and the virus database is regularly updated. The software works in conjunction with the spam defense system to decrease the risk of cyberattacks and ransomware.
  5. Regularly organize social engineering drills and information security education and training to enhance employees’ awareness of information security.
  6. Regularly verify file and system authorization to prevent the risk of authorization failure and data leakage of various departments.
  7. Employees and contractors must sign a confidentiality agreement to ensure the employees’ responsibility and obligation to confidentiality, and to prevent improper information access, destruction or disclosure.
  8. Regularly conduct disaster recovery drills for key systems to enhance disaster response capabilities.
  9. Create a standard reporting mechanism for information security incidents in order to implement follow-up procedures. At the same time, keep a complete record of the incident to facilitate subsequent reviews.
  10. Regularly host management review meetings and report information security regulation reviews, information security incidents, audit execution, feedback from interested parties, and issues that require ongoing improvement to the Information Security Committee members.

Information security implementation in 2022

February


1. Completed a social engineering analysis report.
2. The information security promotion team completed its information security publicity.
3. Completed the first draft of the Information Security Management System Specification (ISMS), which included a policy, 18 procedures, 6 work instructions and 24 forms.

March


1. Completed the first draft of the Information Security Management System Specification (ISMS), which included a policy, 18 procedures, 6 work instructions and 24 forms.
2. Completed the information security health check.
3. The members of the information security promotion team in each district will conduct follow-up information security publicity in each region (including for colleagues who clicked on the link during the social engineering exercise).
4. Started the evaluation and adjustment of the virtual server hosting architecture, which is scheduled to be completed in November 2022.

May


1. Information security staff completed 40 hours of information security international certification education and training.
2. Completed the first information security management committee management review meeting of the Information Security Management System Specification (ISMS) in 2022.

June


1. The Information Security Management System Specification (ISMS) was piloted.
2. Completed the disaster recovery drill - HRM personnel system and File server.

July


1. Started to improve the hardware environment and stability, including replacing old WinXP and Win 7 computers, patching and other work items to reduce information security risks.

August


1. Started planning the execution of the annual social engineering drill.

November


1. Completed the acceptance of the virtual server host and made a closing report.
2. Completed the second information security management committee management review meeting of the Information Security Management System Specification (ISMS) in 2022.

December


1. Completed the disaster recovery drill - Dingxin TIPTOP ERP system
