Corporate Governance

Governance Operation

Integrity Management

In compliance with the regulatory authority’s efforts to promote corporate governance, Good Way has strengthened the function of the Board of Directors, in accordance with the relevant provisions of the Code of Ethical Conduct and the Procedures for Ethical Management and Guidelines for Conduct.

Risk Management

To enhance corporate governance and mitigate various risks that may arise during operations, Good Way has established a “Corporate Risk Management Policy and Procedures.” We follow the principle of materiality to identify, evaluate, address/monitor, and report/disclose risks and opportunities related to environmental, social responsibility, and corporate governance issues.

Good Way has developed risk management strategies and designated responsible units for various potential risks. This includes direct risk management units (operational units/first layer of control), risk management and control units (second layer of control), and the Internal Audit Office (third layer of control). Comprehensive risk management is conducted from direct units to control units. Additionally, the Risk Management Representative reports on the operation of risk management to the Sustainability Development Committee and the Board of Directors at least once a year.

Good Way Risk Governance Structure

Information Security Governance

Information Security Management Strategy and Framework

Information Security Policy

To ensure the safety and stability of Good Way’s network and information usage environment, Good Way has established the “Information Security Risk Management Procedures” in accordance with the “Guidelines for Cybersecurity Management of Listed Companies” issued by the regulatory authority.
The Information Department is responsible for the implementation of information security operations, which includes the identification and risk assessment of core business and information systems, security measures for the development and maintenance of information systems, protective and control measures for information security, management measures for outsourcing information systems or services, incident response and information evaluation for information security incidents, and mechanisms for continuous improvement and performance management of information security.

Specific Information Security Management Plans and Countermeasures

Category: Countermeasures/Actions
Network Security: Network Resource Management
  • Disable unused services and functions on network devices to reduce risks.
  • Establish a network monitoring system to understand network operations in real-time and detect potential risks or network failures early.
Network Security Management
  • Install firewalls at the interface between the internal and external networks to prevent unauthorized access and regularly review firewall rules to ensure appropriate settings.
  • Engage external experts or conduct internal assessments for network system security and perform security patches to enhance defense capabilities.
  • Implement various security measures such as data encryption, identity verification, and electronic signatures for external connection information systems based on data and system importance to reduce risks of intrusion, damage, tampering, deletion, or unauthorized access.
Wireless Network Security
  • Conduct a thorough security assessment before setting up and using a wireless network.
  • Use encrypted communication protocols between wireless network cards and wireless base stations.
Computer Security: Anti-virus Software
  • Install antivirus software on all computer systems, implement automatic virus database updates, and perform regular virus scans.
Access Security
  • Assign a unique account to each computer system user with the minimum required permissions for their job.
  • Immediately cancel or adjust account permissions for employees upon resignation or job transfer.
  • Regularly review account and permission status to ensure they reflect current conditions.
Password Security Management
  • Set unique passwords for all access accounts and require users to change their passwords after the first login; establish and enforce strong password settings; and lock accounts temporarily after three incorrect password attempts.
  • Passwords should not be visibly displayed on computer screens when being entered.
  • Encrypt files containing passwords.
Application System Management: Email Security
  • Explicitly prohibit employees from using company email for activities unrelated to work and educate employees to avoid opening suspicious emails.
  • Set rules and limitations on email content and size based on business and personal needs.
  • Enable email filtering and antivirus mechanisms to block spam and potentially virus-infected emails.
Instant Messaging Software Security
  • Installation and use of instant messaging software must be carefully assessed based on actual business needs, and appropriate security controls must be implemented.
Data Security and Backup
  • Equip data centers with temperature control devices, fire safety systems, and access control measures that limit entry to specific personnel; back up databases such as SAP/BPM/PLM daily; and establish an off-site backup mechanism.
  • When decommissioning any data storage media, thoroughly destroy its contents to prevent data recovery.
  • Store and safeguard physical confidential documents such as paper files and important contracts.
Abnormal Event Handling and Disaster Recovery Plan
  • Develop standard procedures for common information security incidents and abnormal situations to increase processing efficiency and reduce harm.
  • Evaluate and address major business impact threats based on business continuity principles, and develop disaster recovery plans accordingly.
Personnel Security: Personnel Security Management
  • Clearly define the responsibilities of Good Way’s information department personnel.
  • Require personnel handling information security-related work or confidential information to sign confidentiality agreements.
  • Ensure that at least two people are familiar with various information security tasks to handle emergencies.
Security Awareness Training
  • Immediately inform employees about information security incidents.
  • Provide regular information security awareness or training to employees.
Outsourcing: Outsourcing Management
  • When outsourcing information services, sign contracts with vendors and include confidentiality clauses.
  • Upon completion of outsourced computer system services, request detailed system files and manuals from the vendor.
  • Appropriately control system usage permissions for outsourced personnel stationed at Good Way.

Resources Invested in Information Security and Status

Good Way installs real-time antivirus software on newly purchased computers and activates automatic and periodic virus database updates. To ensure that all information systems can continue to provide stable services, regular vulnerability scans are conducted to identify potential risks and perform vulnerability remediation. Good Way uses Trend Apex One services to establish 24/7 real-time protection against abnormal network traffic, intrusion attacks, and malicious connections, and regularly sends protection reports to monitor the effectiveness of security measures. The Information Department continuously publishes information security awareness articles within the group to enhance employees’ information security knowledge, aiming to maintain a record of no information security incidents. To ensure that Good Way maintains a record of no information security incidents resulting in data loss, temperature control and fire safety systems have been installed in the data center, access control has been implemented, and critical databases such as SAP/BPM/PLM are backed up daily with an off-site backup mechanism, with backup data retained for 30 days.

Good Way has always emphasized information security-related operations to maintain the confidentiality, integrity, availability, and legality of company information. Good Way is committed to avoiding situations where information and assets are improperly used, disclosed, altered, damaged, or lost due to human error, deliberate destruction, or natural disasters. Good Way’s information system hardware infrastructure and protective facilities have been enhanced to improve the ability to respond to information security incidents, protecting Good Way’s and customers’ assets. The Information Department regularly performs various information security-related tests and assessments each year.
