Home / ESG / Information Security and Customer Privacy

ESG
Information Security and Customer Privacy

Information Security Measures

Information Security Organization

Amid the digital trend, the importance of the network, IT system, and data security is becoming increasingly important, while the demand and expectations of the competent authorities and stakeholders for the company’s information security are also on the rise. If the quality of the company’s system is not up to standard, information leaks or service interruptions will result in expensive costs and damage the company’s reputation. In light of this, RichWave has formed an interdepartmental information security management team with the President as the convener, while the Information Department and Administrative Management Department are in charge of offering directions and planning, with support and cooperation from various business units. The Information Security Management Team convenes regular meetings to review the Company’s information security system operations, and it must report information security-related implementation status to the Board of Directors at least annually to obtain advice and guidance from the highest level of the Company. This is to ensure the operational effectiveness of RichWave’s information security management. On December 26, 2024, the information security team briefed the Board of Directors on the company’s information security operational status, receiving guidance and confirmation from the Board of Directors.

 

 

Information Security Policy

Board-approved "Information Security Risk Management Policy and Procedures" has been established by the Company in order to protect the confidentiality, integrity, and availability of information assets related to employees, suppliers, and customers, and to ensure the reliability of the Company's information services. This policy governs the Company's actions regarding information asset inventory, information security awareness, Company data confidentiality, information equipment maintenance and backup, personal computer security system maintenance, and the reporting of information security incidents. With these measures, we hope to ensure the continued viability of the company's information business.

By implementing information security management procedures, the company ensures the security and veracity of electronic data in various systems and meets the policy objectives of sustaining the company's normal business operations. The policy applies to all of RichWave’s system data and information equipment, regulating the company’s information security control operation (including authorization control, file management, and anti-virus measures), data processing operation, information equipment management and maintenance, form filling operation and form storage period, thereby guaranteeing that the company’s system can engage in effective hierarchical control, important data can be kept, reviewed adequately, and the information system can be comprehensively protected and backed up. Additionally, the company regularly establishes a data backup system to conduct disaster recovery drills and engender an effective data security protection environment in conjunction with the information security system for the sake of ensuring the company’s sustainable operation. In 2024, the Company invested resources in information security management, performing two information system security updates, 11 application system security updates, three mail server system security updates, and two firewall upgrades. Through multi-layered system updates and upgrades, as well as system and information security health checks, we ensure the security of the Company's information systems.

 

2024 Information Security Management Plan

  1. Arrange for an external information security firm to conduct annual information security inspections/drills (including email social engineering drill/vulnerability detection)
  2. Arrange for an annual data recovery drill focusing on the recovery and verification of backed-up data to ensure the correctness of the recovered data
  3. Arrange for a system security update at least once a year, focusing on the patch updates of major system loopholes
  4. An information security reporting mechanism should be established, and the information security team continues to conduct comprehensive information security management

 

Information Security Training and Education

2024 Information Security Training and Education Plan

  1. Organized two information security education and training sessions, with each session lasting at least one hour (including information security awareness/social engineering)
  2. Issue relevant information security reports as needed, and provide analysis report for special information security incidents

To instill information security awareness in our colleagues and make every employee an integral part of the Company’s information security protection network, RichWave provides information security education and training to all new employees and regularly promotes information security awareness through email communications. The new employee information security orientation includes an introduction to the Company’s information system, document management system, electronic form operations, computer and network regulations, and USB regulations. RichWave’s information security supervisor provides a briefing to new employees to ensure their understanding and compliance with the Company’s information security policies and regulations.

The Company continues to monitor current information security trends and launches awareness campaigns targeting high-risk issues, which are communicated through the internal announcement system. These campaigns address issues such as account security management and phishing emails, aiming to enhance employees’ information security awareness, promote vigilance in email usage, and encourage regular updates of system login passwords. In May and November 2024, we held two information security education and training sessions to share insights on domestic and international security incidents and their associated losses. The sessions covered topics such as common information security risks, hacker attack techniques, social engineering, and password management. A total of 293 and 294 employees attended the sessions, respectively, resulting in a combined total of 587 training hours. The course recordings are stored in the Company’s document management system, allowing our colleagues to learn and review the materials online at any time.

Customer privacy

RichWave values the trust between the Company and its customers and is committed to ensuring the security and confidentiality of all information involved in business transactions. Although our business does not involve collecting personal data from end customers, we maintain the confidentiality of any personal data and business secrets that may be encountered during commercial transactions. We strive to protect all privacy and data in accordance with industry standards throughout the cooperation process and to use all business data solely for the purpose of fulfilling our mutual agreement. To ensure data security, we have implemented strict confidentiality measures and established a dedicated unit to handle relevant matters. As of 2024, RichWave has not received any complaints regarding data protection or confidentiality.

logo

6F, No. 5, Alley 20, Lane 407, Sec.2, Tiding Blvd., Neihu District, Taipei, 114, Taiwan R.O.C.

+886-2-8751-1358

© 2025 RichWave Technology Corporation. All Rights Reserved.

SITE MAP COOKIE POLICY PRIVACY POLICY

QUICK SEARCH

Lost your password? Please enter your email address. You will receive a link to create a new password.

Error message here!

Back to log-in

Close