Governance

Information Security

Information security policy

To maintain information confidentiality, completeness, availability, and legitimacy, and protect information assets against internal or external man-made, intentional, or accidental damages that affect corporate operations or harm corporate interests, Ability has established its information security policy to serve as the standard to implement various information security measures; the descriptions are as follows:

1. Protect information from unauthorized access.
2. Protect data against unintentional, unlawful, or unauthorized access or disclosure.
4. Ensure authorized personnel can obtain the information they require in due time.
5. Use only authorized, non-pirated software, in compliance with information security requirements.
6. Ensure system backup and recovery operations support business continuity.
7. Provide employees with information security management training to deepen their understanding of information security.
8. Set up security management equipment to protect against information security risks, hacker attacks, and virus infections.

ISO 27001 information security management system

To reinforce information security protection, the Company comprehensively promoted the introduction of the information security management system in 2012 and obtained the ISO 27001 information security management system (ISMS) certificate in August 2013. The Company continues to advance its cybersecurity system structure, requires employees to implement information security management specifications, and builds a comprehensive information security protection force via information assets and risk assessments, monitoring operating impact analysis, business continuity drills, and other systems, in order to include information security awareness and concepts in the corporate culture and take steps toward building a zero trust network structure.

 

We comply with information security policy requirements via the introduction of the ISO 27001 information security management system and regularly carry out information security promotion and employee information security educational training. Internal and external professional auditors and the organization carry out audits of the information security management system each year, evaluate the information operating status, risk control, and event improvement, and report to the information security processing team to control and minimize information security risks.

 

Information security event reporting and response system

 

Information security management implementation

Dedicated manpower: A dedicated information security supervisor and a dedicated information security staff member are responsible for Ability's information security planning, technology introduction, and related audit matters, to maintain and continuously strengthen information security.
Education and training: All new employees complete an information security education and training course before taking up their posts; all employees complete an online information security promotion and self-examination once a year; and a total of four vulnerability detection scans are performed annually.
Information security announcements: More than 10 information security announcements are issued at irregular intervals each year to convey important information security protection regulations and precautions.
Information security threats: An information security threat analysis report is generated every month to compile statistics on and analyze the detection results of endpoint antivirus, network attacks, and malicious and suspicious behaviors.
Customer satisfaction: Ability did not receive any complaints of infringement of customer privacy or loss of customer information, or of major information security protection deficiencies, in 2023 and 2024.

 
