To realize the unified management of information security, we have designed the Information Security System Management Blueprint 2.0 at the group level, integrated two sets of management systems for trade secrets and information security, and made a list of 38 integrated policies. Six integrated policies are revised, including the General Principles of Information Security Management System (《信息安全管理體系總則》), the Information Security Management Policy (《信息安全管理制度》), the Information Asset Classification and Grading Control Procedure (《信息資產分類分級控制程序》), the Information Release Management Regulations (《信息發佈管理規定》), the Company Access Management Regulations (《公司出入管理規定》), and the Information Equipment Management Regulations (《信息設備管理規定》). This is to clarify management policies and objectives, improve organizational structure and management responsibilities, and realize life-cycle management of information equipment.The Group has formulated the "Management Measures for the Disposal of Information Security Incidents" and the "Emergency Response Plan for Unforeseen Events (Information Security Incidents)" in order to minimize the negative impacts caused by the mishandling of information security incidents.We organize emergency response tests at least once a year.The Group has established Information Security Verification Management Procedures, and each subsidiary organizes information security self-inspections on a monthly basis; random inspections will be conducted at the corporate level from time to time.

    To prevent information leakage.We regularly organize vulnerability scans and analyze them.During the Reporting Period, the Information Technology Department of the Company participated in the cyber security attack exercise “Cyberguard Action (護網行動)” organized by the governmental departments and scientific research institutions and intercepted thousands of cyber-attacks from external sources as the defender, marking the success of completing the task.Besides,we conducted an attack and defense exercise with an external company to simulate hackers to conduct attacks and identify weak items of protection.There were no information breaches in the Group in 2023.

  To protect the security of customer information.The Group enters into bilateral confidentiality agreements with its customers covering:Nature of information captured, Use of the collected information,Possibility for customers to decide how private data is collected, used, retained and processed,How the information is protected，The information is kept in the company's archives for as long as the cooperation lasts.