Honesty and Integrity

Information Security

Information Security Risks Management Framework

OSE officially established the Information Security Governance Committee in August 2023 to guide, evaluate and monitor the company’s information security. The chief security officer(CSO) of OSE , approved by OSE board of directors, is the senior deputy general manager of the information center, who manages and reviews the information security system. An information security manager is also set to implement the security plan, inspection and improvement of OSE’s system.

Facing the severe Internet environment, the importance of information security has been highly increased. Therefore, OSE considered the future of information security regulations and situations, established the Information Security Management Department in November 2023, and set more than 2 coordinators according to Taiwan’s regulation, responsible of OSE’s information security affairs. The department’s duties include alarm management, vulnerability management, information security system and equipment management, incident monitoring, and identification of information security incidents, etc.

ESG_En0017

Information Security Management

27001-1

OSE obtained ISO 27001:2022 certification in 2023, demonstrating the improvement of information security management, and would continue to strengthen our capabilities and reduce the impact. In addition, we conducted Business Impact Analysis (BIA) in August 2023. Based on the results of diagnosis and analysis, we had carried out recovery plan and improvement strategies. We will keep implementing the strategies in 2024, thereby shortening the disaster recovery time, to meet the all the needs of continuing operation , also search for the suitable insurance plan. The latest certification of ISO 27001: 2022 can be found in the following link: OSE Certificate.

The internal information security reports are made regularly by OSE information security related units and report to the chairman, general manager and the deputy general manager of the information center. An information security report includes network usage status, anti-virus software detection status, firewall detection and blocking records, social engineering drill results, etc. In 2023, no major information security incidents occurred.

Information Security Achievements

ESG_En0018