The IT Department is an independent department that does not report to any user units. It is responsible for coordinating and implementing information security policies, raising employees' information security awareness, and collecting data to improve the performance and effectiveness of the organization's information security management system (ISMS) regarding technologies, products, or procedures. To strengthen our information security protection and management mechanism, the Company has formulated the "Information Cycle" in accordance with Article 9 of the "Regulations Governing Establishment of Internal Control Systems by Public Companies" to ensure the security of computer data, information systems, IT equipment, and network equipment.

The Company's information security policy aims to strengthen corporate information security management and establish the mindset that "Information Security is Everyone's Responsibility." This ensures the confidentiality, integrity, and availability of data processed for both clients and employees. The Audit Office conducts an annual information security audit focusing on the internal control system—specifically computerized information system processing controls—to guarantee that all data processing within the Company remains fully secured, providing safe, stable, and highly efficient information services.

All of the Company's equipment is housed in our self-built server room, which is equipped with access control and uninterruptible power supply (UPS) systems to ensure that equipment is protected from external tampering or service disruptions caused by power, air conditioning, or fire control abnormalities. Externally, firewalls are deployed as the first line of defense to block anomalous connections. Internally, antivirus software is utilized with periodic virus definition updates to enable real-time file scanning and protection, allowing anomalous files to be detected, quarantined, or deleted immediately. We establish relevant information security standards and periodically conduct information security awareness campaigns for all employees, reminding them of information security risks and related operating procedures. This includes the safety precautions of various information systems, data exchange protocols, and the proper storage of confidential or sensitive data, ensuring that all employees practice appropriate information security behaviors.