To strengthen information security management across all units, establish a secure and trustworthy corporate IT environment, and ensure the safety of data, systems, equipment, and networks, an Information Security Task Force was established in March 2017. The task force includes professionals specializing in information security protection who participate voluntarily to ensure the secure operation of the Company’s data and infrastructure and thereby achieve the goal of business continuity.
This policy serves as a clear guiding principle for members in their daily work:
Implementation of ISMS for Business Continuity: All employees shall strictly execute information security protocols. We continuously monitor, review, and audit various information systems to ensure Confidentiality, Integrity, and Availability (CIA). We protect information assets from external threats or improper internal management to mitigate risks of leakage, destruction, or loss. With "Risk Management" at its core, we identify threats and vulnerabilities to select appropriate safeguards, reducing risk to an acceptable level and building a secure network environment for continuous operation.
Enhanced Security Training and Service Quality: Quarterly information security training is conducted to instill the mindset that "Information Security is Everyone's Responsibility." By enhancing employees' security awareness and capabilities, we improve incident response and service quality.
Emergency Response and Rapid Mitigation: In addition to routine maintenance, we conduct ongoing system vulnerability scans and Web security testing. Equipment policies are adjusted based on emergency response procedures. We perform quarterly reviews of security incident analyses to ensure that in the event of system failure or major disaster, we can rapidly block threats, maintain critical business operations, and minimize losses.
To ensure robust security, the IT Management Division has deployed firewalls to block viruses and hacker intrusions. We utilize Trend Micro antivirus software for enhanced endpoint protection. Furthermore, we employ Deep Security Agent (DSA) to provide Intrusion Detection and Prevention (IDS/IPS), Web Application Protection, and Network Application Control to secure critical servers. Its firewall capabilities reduce the attack surface across physical, virtual, and cloud servers, providing granular filtering rules and network policies to prevent exploits targeting unpatched vulnerabilities.
The IT Management Division will evaluate the necessity of Cyber Insurance based on actual needs to mitigate operational losses from potential major security incidents. The future objectives of the Information Security Task Force include refining security regulations, conducting regular assessments, maintaining international certifications, and continuously strengthening protection mechanisms and employee education.