Chang, Jui-Jung

Chairperson

Main experience:
CEO, The Company
Chairperson, Sanneng Taiwan
Director, SINMAG Equipment Corporation

Hsieh, Shun-Ho

Director

Main experience:
Chairman and Gerneral Manager, SINMAG Equipment Corporation
Chairman of Xinmai Machinery (China) Co., Ltd

Chen, Lai-Chun

Director

Main experience:
General Manager, Sanneng Taiwan
General Manager, Sanneng Wuxi
Hsiao, Kai-Feng

Director

Main experience:
The Deputy Chief Executive Officer of the Company is the Acting Chief Executive Officer
General Manager, Sanneng Wuxi

Tsai,Feng-Lung

Director

Main experience:
Vice Director of Technology R&D Center, The Company
Vice General Manager, Sanneng Taiwan
Chang, Chih-Hao

Director

Main experience:
Marketing Director, The Company
Special Assistant to the chairperson and marketing vice general manager, Sanneng Wuxi

Chen, Shuei-Jin

Independent Director

Main experience:
Professional CPA and Managing Partner, Yuen Sheng CPA Firm
Director of Taiwan Baihe Industrial Co., Ltd
Independent Director, Cheng Shin Rubber Ind. Co., Ltd.
Independent Director, Merida Industry Co., Ltd
Independent director of Polyon Fiber (shares) Company
Supervisor, LINCO Technology Co., Ltd
Supervisor, Buffalo Machinery Company Limited

Shi, Kun-He

Independent Director

Main experience:
Director of China Cereal Industry Technology Research Institute
Chairman of Taiwan Society of Food Science and Technology

Huang, Chen-Yen

Independent Director

Main experience:
Senior Engineer MIRDC, Metal Industries Research & Development Centre

Name

Meet One of the Following Professional Qualification Requirements, Together with at Least Five Years Work Experience

Independence Criteria(Note)

Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

1
2
3
4
5
6
7
8
9
10
11
12
Chang, Jui-Jung
-
-
-
-
-
-
-
-
-
-
Hsieh, Shun-Ho
-
-
-
-
-
-
Chen, Lai-Chun
-
-
-
-
-
Tsai,Feng-Lung
-
-
-
-
Hsiao, Kai-Feng
-
-
-
-
-
Chang, Chih-Hao
-
-
-
-
-
-
-
-
-
Huang, Chen-Yen
-
-
Shi, Kun-He
-
-
Chen, Shuei-Jin
3
Note: Please tick the corresponding boxes that apply to the directors during the two years prior to being elected or during the term of office.
  1. Not an employee of the Company or any of its affiliates.
  2. Not a director or supervisor of the company or any of its affiliates (The same does not apply, however, in cases where the person is an independent director appointed in accordance with the Act or the laws and regulations of the local country by, and concurrently serving as such at, a company and its parent or subsidiary or a subsidiary of the same parent).
  3. Not a natural-person shareholder whose shareholding ratio is more than an aggregate of 1% of the total issued shares of the company held by the person’s spouse, minor children or held by the person under others' names, or, whose shareholding ratio, occupies one of the ten highest proportions amongst all by the person.
  4. Not a spouse, relative within the second degree of kinship, or lineal relative within the third degree of kinship, of a managerial officer as described in (1) or any of the persons as described in (2) and (3).
  5. Not a director, supervisor, or employee of a corporate shareholder that directly holds 5% or more of the total number of issued shares of the company, or that ranks among the top five in shareholdings, or that designates its representative to serve as a director or supervisor of the company under Article 27, paragraph 1 or 2 of the Company Act (The same does not apply, however, in cases where the person is an independent director appointed in accordance with the Act or the laws and regulations of the local country by, and concurrently serving as such at, a company and its parent or subsidiary or a subsidiary of the same parent).
  6. Directors not of the company or more than half of the shares with voting rights are directors, supervisors or employees of other companies controlled by the same person (The same does not apply, however, in cases where the person is an independent director appointed in accordance with the Act or the laws and regulations of the local country by, and concurrently serving as such at, a company and its parent or subsidiary or a subsidiary of the same parent).
  7. The chairperson, general manager, or person holding an equivalent position of the company and a person in any of those positions at another company or institution are not the same person or are spouses: a director (or governor), supervisor, or employee of that other company or institution. (The same does not apply, however, in cases where the person is an independent director appointed in accordance with the Act or the laws and regulations of the local country by, and concurrently serving as such at, a company and its parent or subsidiary or a subsidiary of the same parent).
  8. Not a director, supervisor, officer, or shareholder holding 5% or more of the shares, of a specified company or institution that has a financial or business relationship with the company (The same does not apply, however, in cases where the specified company or institution holds an aggregate of more than 20% of the company’s issued shares, not more than 50%; and, where the person is an independent director appointed in accordance with the Act or the laws and regulations of the local country by, and concurrently serving as such at, a company and its parent or subsidiary or a subsidiary of the same parent).
  9. Not a professional individual who, or an owner, partner, director, supervisor, or officer of a sole proprietorship, partnership, company, or institution that, provides auditing services to the company or any affiliate of the company, or that provides commercial, legal, financial, accounting or related services to the company or any affiliate of the company for which the provider in the past 2 years has received cumulative compensation exceeding NT$500,000, or a spouse thereof. However, this restriction does not apply to a member of the remuneration committee, public tender offer review committee, or special committee for merger/consolidation and acquisition, who exercises powers pursuant to the Securities and Exchange Act or to the Business Mergers and Acquisitions Act or related laws or regulations.
  10. Does not have a marital relationship, or a relative within the second degree of kinship to any other director of the company.
  11. Not been a person of any conditions defined in Article 30 of the Company Law.
  12. Not a governmental, juridical person or its representative as defined in Aticle 27 of the Company Law.
Chang, Jui-Jung
Together with at Least Five Years Work Experience Meet One of the Following Professional Qualification Requirements

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

-
-
V
Independence Criteria(Note)
1
2
3
4
5
6
7
8
9
10
11
12
-
-
-
-
-
V
-
-
V
-
V
V
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director
Hsieh, Shun-Ho
Together with at Least Five Years Work Experience Meet One of the Following Professional Qualification Requirements

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

-
-
V
Independence Criteria(Note)
1
2
3
4
5
6
7
8
9
10
11
12
V
-
-
V
-
V
V
-
V
V
V
V
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director
Chen, Lai-Chun
Together with at Least Five Years Work Experience Meet One of the Following Professional Qualification Requirements

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

-
-
V
Independence Criteria(Note)
1
2
3
4
5
6
7
8
9
10
11
12
V
-
-
V
-
V
V
V
V
V
V
V
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director
Tsai,Feng-Lung
Together with at Least Five Years Work Experience Meet One of the Following Professional Qualification Requirements

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

-
-
V
Independence Criteria(Note)
1
2
3
4
5
6
7
8
9
10
11
12
V
-
-
-
V
V
V
V
V
V
V
V
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director
Chang, Jui-Ching
Together with at Least Five Years Work Experience Meet One of the Following Professional Qualification Requirements

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

-
-
V
Independence Criteria(Note)
1
2
3
4
5
6
7
8
9
10
11
12
-
V
-
-
-
V
V
-
V
-
V
V
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director
Chang, Chih-Hao
Together with at Least Five Years Work Experience Meet One of the Following Professional Qualification Requirements

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

-
-
V
Independence Criteria(Note)
1
2
3
4
5
6
7
8
9
10
11
12
-
-
-
-
-
V
V
-
V
-
V
V
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director
Huang, Chen-Yen
Together with at Least Five Years Work Experience Meet One of the Following Professional Qualification Requirements

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

-
-
V
Independence Criteria(Note)
1
2
3
4
5
6
7
8
9
10
11
12
V
V
V
V
V
V
V
V
V
V
V
V
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director
Wu , Chao-Fu
Together with at Least Five Years Work Experience Meet One of the Following Professional Qualification Requirements

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

V
-
V
Independence Criteria(Note)
1
2
3
4
5
6
7
8
9
10
11
12
V
V
V
V
V
V
V
V
V
V
V
V
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director
Chen, Shuei-Jin
Together with at Least Five Years Work Experience Meet One of the Following Professional Qualification Requirements

An Instructor or Higher Position in a Department of Commerce, Law, Finance, Accounting, or Other Academic Department Related to the Business Needs of the Company in a Public or Private Junior College, College or University

A Judge, Public Prosecutor, Attorney, Certified Public Accountant, or Other Professional or Technical Specialist Who has Passed a National Examination and been Awarded a Certificate in a Profession Necessary for the Business of the Company

Have Work Experience in the Areas of Commerce, Law, Finance, or Accounting, or Otherwise Necessary for the Business of the Company

V
V
V
Independence Criteria(Note)
1
2
3
4
5
6
7
8
9
10
11
12
V
V
V
V
V
V
V
V
V
V
V
V
Number of Other Public Companies in Which the Individual is Concurrently Serving as an Independent Director
3

The Chief Executive Office, which is responsible for assisting the Board of Directors and the management in formulating and supervising the implementation of the Integrity Management Policy and Prevention Plan, and ensuring the implementation of the Code of Integrity Management, will report to the Board of Directors on its 2023 implementation on December 22, 2023.
In 2023, a total of 28 senior executives participated in the Integrity Management Sharing Education and Training for senior executives, including new trends in corporate integrity, ethical management codes for listed companies, and domestic and foreign case sharing, etc., and provided briefing files for senior executives’ reference.
In addition, the company has also established a complete whistleblowing system and confidentiality and incentive measures for whistleblowing identity and content, and pays attention to the development of relevant norms of integrity management at home and abroad at any time to enhance the implementation of the company’s integrity management.

Report/Complain

Scope

  1. Those who are related to official business and have violated the principle of ethical integrity or displayed other inappropriate and unfair conduct, where it is provable and necessary to report or lodge a complaint.
  2. Those who deliberately conceal violations of the principles of ethical integrity or other inappropriate and unfair conduct.

Methods

  1. Reports/complaints about misconduct can be submitted in writing, voice or e-mail with relevant evidence needs to be attached. It is better if there are specific documents or evidence in any form.
  2. The confidentiality of the reports or complainants shall be handled in accordance with Article 4 of these Measures.
  3. If the project team’s investigation found that was intentional malice, defamation, slander or intentional falsification of information in the filed report/complaint the individual filing the report/complaint will be dealt with in accordance with the relevant regulations of the Company or through legal channels.

Grievance channel

e-mail: [email protected] (Audit Supervisor)

address:No. 58, Gongye 8th Rd., Dali Industrial Zone, Dali Dist., Taichung City , Taiwan;Attn: Audit Supervisor

Report/Complain Hotline: +886-4-24921860 ext. 1005 (Audit Office).

Information Security Purposes

To implement information security as well as manage and maintain the Company’s system data, an information security organization has been established to establish and supervise the information security policies and objectives of the Group and its subsidiaries. It is also responsible for promoting and planning various information security management-related affairs, auditing, communication, and coordination, as well as cultivating employees’ information security awareness and ensure the normal operation of the Group’s information environment. At the same time, the “Plan-Do-Check-Act (PDCA)” framework is applied to constantly improve the operating model. Through regular management, promotion, and education and training, the aim is to endow our colleagues with good information security awareness, thereby decreasing various information-related risks and threats and enhance information security defense capabilities.

Information security organizational structure and responsibilities

  1. Organizational structure

資訊安全 英 20230117 030854

2. Responsibilities

Information Security Committee:

  • Review of information security management system and relevant management measures.
  • Formulation of information and communication security policy
  • Coordination of information security work and resources across units
  • Supervision of the use of information assets
  • Discussion and confirmation of information security equipment and technology applications
  • Supervision and review of information security incident response and handling
  • Convening of information security management meetings from time to time to confirm the implementation status of various information security operations and problem improvement
  • Regular report on the information security governance and audit to the Board of Directors.

Information Security Audit Team

  • Audit of the implementation status of the system
  • Development and execution of an internal audit plan of the Group and its subsidiaries
  • Tracking of anomaly improvement and suggestion implementation

Information Security Promotion Team

  • Implementation of information security activities
  • Formulation of relevant information security regulations and measures with the management team
  • Execution and tracking of the resolutions by the Information Security Committee and the improvement work at each subsidiary
  • Provision of suggestions to the audit performed by the information security audit unit and supervision of the improvement work

Information Security Incident Response Team

  • Execution of emergency response measures upon the occurrence of an information security incident or crisis until the closure of an information security incident or crisis.
  • Identification of the causes of information security incidents or crises and provision of suggestions about improvement and prevention

Information Security Management Team

  • Formulation of relevant information and communication management regulations
  • Planning and launch of information security activities
  • Establishment of disaster response mechanisms and recovery plans
  • Implementation of the improvement work for information security defects
  • Planning of information security equipment and technology applications
  • Execution of tasks assigned by the Information Security Committee
  • Convening of regular management review meetings (Information Security Committee) to report to committee members

Information security policies and management mechanisms

To reinforce the Company’s information security management, ensure the confidentiality, integrity, and availability of various information equipment, as well as to accommodate the needs of different business activities, and comply with relevant laws and regulations, we have devised an information security policy for all employees and external partners to follow to prevent intentional or accidental damages caused by internal/external elements.

  1. Information security policy objectives

Maintain the ongoing operation of the information assets and systems managed and utilized by SANNENG Group and its subsidiaries, protect them from internal or external man-made/accidental damage, protect data privacy, and prevent data leakage or loss to guarantee stable information services.

  1. Information security management mechanism

Create an adequate information security management system (ISMS) to handle information-related management details including policy, organization, data center, disaster recovery, personnel safety, physical environment, network security, data backup and recovery, access control, information system development and maintenance, information security event management, etc.

Information Security Controls

  1. Introduce ISMS in accordance with ISO/IEC27001:2013 international standards.
  2. Form an information security organization to clarify relevant rights and responsibilities, so that each operation can perform and complete its duties.
  3. Establish and maintain network-related security operations such as firewall control, remote connection security settings (VPN), intrusion detection and defense mechanisms, etc., to minimize the risk of external cyberattacks.
  4. All PCs used in the office are installed with anti-virus software, and the virus database is regularly updated. The software works in conjunction with the spam defense system to decrease the risk of cyberattacks and ransomware.
  5. Regularly organize social engineering drills and information security education and training to enhance employees’ awareness of information security.
  6. Regularly verify file and system authorization to prevent the risk of authorization failure and data leakage of various departments.
  7. Employees and contractors must sign a confidentiality agreement to ensure the employees’ responsibility and obligation to confidentiality, and to prevent improper information access, destruction or disclosure.
  8. Regularly conduct disaster recovery drills for key systems to enhance disaster response capabilities.
  9. Create a standard reporting mechanism for information security incidents in order to implement follow-up procedures. At the same time, keep a complete record of the incident to facilitate subsequent reviews.
  10. Regularly host management review meetings and report information security regulation reviews, information security incidents, audit execution, feedback from interested parties, and issues that require ongoing improvement to the Information Security Committee members.

Information security implementation in 2022

February


1. Complete a social engineering analysis report.
2. Completed the information security promotion team to conduct information security publicity.
3. Completed the first draft of the Information Security Management System Specification (ISMS), which included a policy, 18 procedures, 6 work instructions and 24 forms.

March


1. Completed the first draft of the Information Security Management System Specification (ISMS), which included a policy, 18 procedures, 6 work instructions and 24 forms.
2. Complete the information security health check.
3. The members of the information security promotion team in each district will conduct follow-up information security publicity in each region (including colleagues who click on the link during the social engineering exercise).
4. Started the evaluation and adjustment of the virtual server hosting architecture, which is scheduled to be completed in November 2022.

May


1. Information security staff completed 40 hours of information security international certification education and training.
2. Completed the first information security management committee management review meeting of the Information Security Management System Specification (ISMS) in 2022.

June


1. The Information Security Management System Specification (ISMS) was piloted.
2. Completed the disaster recovery drill - HRM personnel system and File server.

July


1. Started to improve the hardware environment and stability, including replacing old WinXP and Win 7 computers, patching and other work items to reduce information security risks.

August
1. Start planning the execution of the annual social engineering drill.
November


1. Complete the acceptance of the virtual server host and make a closing report.
2. Completed the second information security management committee management review meeting of the Information Security Management System Specification (ISMS) in 2022.

December


1. Completed the disaster recovery drill - Dingxin TIPTOP ERP system

Risk management policy and procedure

The board of directors approved the “Risk Management Policy” on April 21, 2018, as the overarching principle of the Company’s risk management.In the Company’s annual summit meeting, the center directors of the Group and the general managers of various subsidiaries conduct risk factor analysis to identify risks that may affect the sustainable development of the Company, so as to define the scope of risk management, monitor potential risks and, implement preventive measures for the sake of bolstering risk management.

Risk management scope

The Company’s risk management is divided into 4 dimensions (financial, customer, internal, and learning/growth). SWOT analysis is applied to analyze various strengths/weaknesses, as well as external opportunities and threats. The company’s risks are listed below, where response measures are developed in each risk scope and carried out by the marketing center, management center, and technical research center. Based on each region’s level of impact of each risk characteristic, various subsidiaries will formulate corresponding countermeasures and execute the plan.

As illustrated in the following table, the Company’s risk management includes the management of “operational risk”, “financial risk”, “supply chain risk”, “raw material risk”, “information security risk”, and “environmental risk”.

Organizational structure

The Company has convened the annual Group summit meeting in Q4 of each year since 2018 and at the summit. Senior executives such as the CEO, center directors, audit supervisors, and general managers of subsidiaries will discuss major risk policies and response strategies for the following year.Since 2020, the meeting has been convened online due to the pandemic, making it possible to discuss all the risk issues in real-time.At the 2022 annual summit meeting, the Group’s 3 center directors, audit supervisors, and general managers of various subsidiaries discussed risk policies and countermeasures that were ultimately confirmed by the CEO and implemented.

Operating conditions

The Company vigorously implements the risk management mechanism and reports to the board of directors once a year.The Company held Group summits during September 27-28 and October 13-14, 2022 to discuss the risk policy and response strategies, as well as report the risk policy and countermeasures of 2022 to the board of directors on December 21, 2022. Furthermore, the risk policy and expected response measures for 2023 were also elaborated on.

お買い物カゴ