Information Security

Information Security Policy

To maintain information confidentiality, completeness, availability, and legitimacy, and protect information assets against internal or external man-made, intentional, or accidental damages that affect corporate operations or harm corporate interests, Ability has established its information security policy to serve as the standard to implement various information security measures; the descriptions are as follows:

1.Protect information from unauthorized access.

2.Protecting data against unintentional, unlawful, or unauthorized access, disclosure.

3.Ensure information integrity preclude unauthorized tampering.

4.The Authorized personnel as required for information in due time

5.Non-unauthorized /non-pirated software to abide by information security.

6.Ensure system backup recovery operate to business continuity developments.

7.Provide employee training of information security management deepen understand of information security.

8.To protect information security risk and hackers attack or virus infect, set up security management equipment.

9.Ensure respond promptly notifications system to information security incident can be taken.

ISO 27001 information security management system

To reinforce information security protection, the Company comprehensively promoted the introduction of the information security management system in 2012 and obtained the ISO 27001 information security management system (ISMS) certificate in August 2013. The Company continues to advance its cybersecurity system structure, requires employees to implement information security management specifications, and build a comprehensive information security protection force via information assets and risk assessments, monitoring operating impact analysis, business continuity drills, and other systems to include information security awareness and concepts in the corporate culture and take steps forward to building the zero trust network structure.

Information Security Management System Certification	Acquisition date	Effective Date
ISO 27001:2022	2025/8/16	2028/8/16

Information security organization

The Company particularly established an information safety processing team for corporate information safety, regularly convened management review meetings, and established and examined information safety management targets and policies. To effectively promote information management policies, the project team, safety prevention team, crisis management team, information safety audit team, and supplier promotion team are established under the information safety organization, comprising senior management personnel of different functional departments to ensure the continued stable operation of the information management system.

We comply with information security policy requirements via the introduction of the ISO 27001 information security management system and regularly carry out information security promotion and employee information security educational training. Internal and external professional auditors and the organization carry out audits of the information security management system each year, evaluate the information operating status, risk control, and event improvement, and report to the information security processing team to control and minimize information security risks.

Information security event reporting and response system

Information security management implementation

Dedicated manpower	There is a dedicated information security supervisor and a dedicated information security personnel who are responsible for Ability's information security planning, technology introduction and related audit matters to maintain and continuously strengthen information security.
Education and training	All new employees will complete an information security education and training course before taking up their posts; all employees will complete an online information security promotion and self-examination once a year; and a total of four vulnerability detection scans will be performed annually.
Information security announcements	More than 10 information security announcements are issued irregularly each year to convey important information security protection regulations and precautions.
Information security threats	A monthly information security threat analysis report is generated every month to conduct statistics and analysis on the detection results of endpoint antivirus, network attacks, malicious and suspicious behaviors.
Customer satisfaction	Ability didn't receive any complaints of infringement of customer privacy or loss of customer information, or major information security protection deficiencies in 2023 and 2024.