Sign up for our news
Thank you for your subscription, the latest issue of the newsletter will be automatically sent to your designated mailbox. Please set Unimicron’s email as trust mail.
Thank you.

Solid Corporate Governance

Information Security

Information Security Goals

In order to maintain the confidentiality, integrity and availability of the Company’s information assets, and to protect the privacy of customers and personal data, Unimicron has formulated an information security policy and hopes to achieve the following goals through the joint efforts of all employees in the Company:

• Confidentiality:Ensure that only authorized personnel can obtain information and avoid information leakage
• Integrity:Ensure that information is not subject to unauthorized tampering and the correctness of information processing methods
• Availability:Ensure that authorized users can obtain information and use related assets when needed

Information Security Committee

Unimicron manages the Company-level information protection mechanism through the Information Security Committee to protect customer privacy. Through the acquisition of relevant international certifications, internal information security advocacy and drills, data inventory and drills, and data access control and information security early warning mechanisms, we regularly provide information security reports to the chairman of the board and senior managers of business units, to reduce information security risk.

International Security System Certification

Unimicron’s Taiwan and Mainland China Facilities have obtained ISO 27001 Information Security Management System certification, with a coverage rate of 100%, and have established complete information security standards and management procedures to ensure the security of the information environment.

Data Inventory and Classification

Unimicron has completed the advocacy and inventory of the Company's business secret information in 2020 so as to effectively declare the scope of the Company's confidential information.

Internal Information Security Advocacy and Drill

We hold regular information security advocacy and testing for employees, we issued 8 times announcements in 2020, hold an unannounced social attack drill (phishing email), and conduct a companywide e-Learning information security course in the fourth quarter of each year to deepen employees' information security awareness through actual experience.

Data Access Control and Information Security Warning

Use computer access control tools to lock computer transmission media (email, USB, FTP, web, file folder, etc.). If it is needed for work, a separate application for activation is needed and it must be supervised by the information security early warning mechanism. All file access and data transmission abnormalities are detected and alarmed by the system, and the information security committee is notified to perform related audits, reports and handling. In 2020, compared with the number of incidents during the initial establishment of the Information Security Committee in 2017, the abnormal incidents dropped by 70%.

Information Security Specific Management Plan

To protect customers' intellectual property rights and confidential corporate documents, in addition to a comprehensive information security policy and annual ISO/IEC 27001 Information Security Management System certification, we completed the multi-facet strengthening of our equipment defense and detection capabilities in the second half of 2020, including external/inter-plant/intra-plant firewalls, network abnormal traffic detection and analysis systems, and other traffic monitoring equipment. In addition, it is equipped with privileged account management, regular system vulnerability scanning and repair, data backup and quick recovery mechanism, system network security enhancement, USB management, handheld mobile camera device management, information classification and confidentiality system, printing control, employee information security training and penetration and phishing drills, etc., to enhance internal and external attack prevention detection and recovery capabilities and properly maintain customer data and information security. Nearly 100 million attempts per month by external hackers have been blocked externally, causing no damage to system data. In order to implement Unimicron’s information security policy, we have fully implemented the mobile device access control to the plant, ensuring that information will not be arbitrarily carried out. In addition, Unimicron develops specific management solutions related to the five major aspects of terminal computer management, computer room management, anti-virus and anti-hacking management, system and network security management, and education and training to properly maintain customer data and information security.

Information Security Training Course

Information Security Incident Notification Process

When an information security incident occurs, employees should immediately notify the unit head following the "Unimicron’s Information Security Incident Notification Management Procedures," and the unit head will report to the information security officer, who will, following internal regulations, determine whether the information security incident is a major abnormal event, whether it is a breach of confidentiality, and whether it involves a first-level supervisor. After classification, it shall be reported to the supervisor at that level and the responsible unit, please see the information below.

A major information security incident occurred in 2020. It was caused by suspected virus infection in some information communication systems, but no data was lost. In order to enhance the Company's overall information security capabilities, the following enhancement measures have been completed:

Now:Home / Solid Corporate Governance / Corporate Governance / Information Security