- Home
-
ESG
-
Corporate Governance
Corporate Governance
Governance Operation
Integrity Management
In compliance with the regulatory authority’s efforts to promote corporate governance, Good Way has strengthened the function of the Board of Directors, in accordance with the relevant provisions of the Code of Ethical Conduct and the Procedures for Ethical Management and Guidelines for Conduct.
Risk Management
To enhance corporate governance and mitigate various risks that may arise during operations, Good Way has established a “Corporate Risk Management Policy and Procedures.” We follow the principle of materiality to identify, evaluate, address/monitor, and report/disclose risks and opportunities related to environmental, social responsibility, and corporate governance issues.
Good Way has developed risk management strategies and designated responsible units for various potential risks. This includes direct risk management units (operational units/first layer of control), risk management and control units (second layer of control), and the Internal Audit Office (third layer of control). Comprehensive risk management is conducted from direct units to control units. Additionally, the operation of risk management is reported annually by the Risk Management Representative to the Sustainability Development Committee and the Board of Directors at least once a year.
Good Way Risk Governance Structure
Information Security Governance
Information Security Management Strategy and Framework
Information Security Policy
To ensure the safety and stability of Good Way’s network and information usage environment, Good Way has established the “Information Security Risk Management Procedures” in accordance with the “Guidelines for Cybersecurity Management of Listed Companies” issued by the regulatory authority.
The Information Department is responsible for the implementation of information security operations, which includes the identification and risk assessment of core business and information systems, security measures for the development and maintenance of information systems, protective and control measures for information security, management measures for outsourcing information systems or services, incident response and information evaluation for information security incidents, and mechanisms for continuous improvement and performance management of information security.
Specific Information Security Management Plans and countermeasures
Category | Countermeasures/ Actions | |
---|---|---|
Network Security | Network Resource Management |
|
Network Security Management |
|
|
Wireless Network Security |
|
|
Computer Security | Anti-virus Software |
|
Access Security |
|
|
Password Security Management |
|
|
Application System Management | Email Security |
|
Instant Messaging Software Security | Installation and use of instant messaging software must be carefully assessed based on actual business needs and appropriate security controls must be implemented. | |
Data Security and Backup |
|
|
Abnormal Event Handling and Disaster Recovery Plan |
|
|
Personnel Security | Personnel Security Management |
|
Security Awareness Training |
|
|
Outsourcing | Outsourcing Management |
|
Resources Invested in Information Security and Status
Good Way installs real-time antivirus software on newly purchased computers and activates automatic and periodic virus database updates. To ensure that all information systems can continue to provide stable services, regular vulnerability scans are conducted to identify potential risks and perform vulnerability remediation. Good Way uses Trend Apex One services to establish 24/7 real-time protection against abnormal network traffic, intrusion attacks, and malicious connections, and regularly sends protection reports to monitor the effectiveness of security measures. The Information Department continuously publishes information security awareness articles within the group to enhance employees’ information security knowledge, aiming to maintain a record of no information security incidents. To ensure that Good Way maintains a record of no information security incidents resulting in data loss, temperature control and fire safety systems have been installed in the data center, access control has been implemented, and critical databases such as SAP/BPM/PLM are backed up daily with an off-site backup mechanism, with backup data retained for 30 days.
Good Way has always emphasized information security-related operations to maintain the confidentiality, integrity, availability, and legality of company information. Good Way is committed to avoiding situations where information and assets are improperly used, disclosed, altered, damaged, or lost due to human error, deliberate destruction, or natural disasters. Good Way’s information system hardware infrastructure and protective facilities have been enhanced to improve the ability to respond to information security incidents, protecting Good Way’s and customers’ assets. The Information Department regularly performs various information security-related tests and assessments each year.