Corporate governance unit
The Company’s board approved by resolution the appointment of the Finance Department Manager as the corporate governance officer, to protect shareholders’ equity and strengthen the board functions. The Financial Division Manager is a manager of the Company and has at least three years of experience as a financial officer in a publicly listed company. The corporate governance officer is mainly responsible for handling matters related to board meetings and shareholders’ meetings in accordance with the law, preparing minutes of the board meetings and shareholders’ meetings, assisting directors in taking office and taking continuing education courses, providing directors with materials needed to perform duties, and assisting directors in complying with laws. The duties performed are as follows:
1. Assisted independent directors and general directors in performing their duties, provided necessary materials they needed, and arranged for directors’ continuing education courses:
- Submitted the latest amendments and developments of laws and regulations related to the Company’s business field and corporate governance to board members when they took office and updated them regularly.
- Reviewed the confidentiality level of relevant information and provided the Company information required by directors to maintain smooth communication between directors and business managers.
- Arranged for relevant meetings between the chief internal auditor and the CPAs when there was a need for them to meet in person, to understand the Company’s financial business in accordance with the Corporate Governance Best-Practice Principles.
- Assisted independent directors and general directors in formulating annual training plans and arranged for courses based on the Company’s industry characteristics and directors’ education and experience.
2. Assisted in handling the procedures of board meetings and shareholders’ meetings and ensuring legal compliance for resolutions adopted:
- Reported the Company’s corporate governance situation to the board, independent directors, and the audit committee, and confirmed if the Company’s shareholders’ meetings and board meetings were in compliance with applicable laws and the Corporate Governance Best-Practice Principles.
- Assisted and reminded directors of the laws and regulations that should be followed when performing duties or formally adopting resolutions at board meetings, and provided advice when the board was about to pass a resolution illegally.
- Was responsible for reviewing the release of material information on important resolutions passed by the board after a board meeting, to ensure the legality and accuracy of the content of the material information and information transparency for investors.
3. Notified directors of a board meeting no later than seven days before the board agenda was drafted, convened meetings, and provided meeting materials; reminded directors in advance to recuse themselves from any proposal in which they had a personal interest; and completed board meeting minutes within 20 days after the meeting.
4. Registered, in advance, the date of a shareholders’ meeting in accordance with the law, prepared a meeting notice, meeting handbook, and minutes before a deadline as required by law, and registered any changes in the case of amendment to the articles of incorporation or an election of directors.
Corporate governance manager education
Date of the course | Organizer | Course Name | Hours of education | Total hours of education of the current year |
---|---|---|---|---|
2023.03.27 | Chinese National Association of Industry and Commerce | Workshop for directors and supervisors “Corporate Resilience; Taiwan’s Competitiveness” | 3.0 | 3.0 |
2023.06.02 | Chinese National Association of Industry and Commerce | Workshop for directors and supervisors “2023 Taishin Net-Zero Electricity Summit Forum” | 3.0 | 6.0 |
2023.07.13 | Taiwan Stock Exchange Corporation | Sustainable Development Action Plan Advocacy Meeting for TWSE/TPEx-listed Companies | 3.0 | 9.0 |
2023.08.07 | Taipei Foundation of Finance | Sustainable Development and Sustainable Governance Trends | 3.0 | 12.0 |
2023.08.17-18 | Taiwan Corporate Governance Association | Net Zero Sustainability Talent Education Course – Enterprises’ Low-carbon Transformation Strategy | 9.0 | 21.0 |
2024.07.03 | Taiwan Stock Exchange Corporation | 2024 Cathay Sustainable finance and climate change summit | 6.0 | 27.0 |
Corporate governance structure
Succession plan and its operation of important management team
- Employees at the level of Assistant Vice President and above are considered part of the important management team and are in charge of operational management in the organization. Substitutes are available at all management levels.
- The Company maintains a strict selection and evaluation system for the succession plan of top management (including the President). Internal talents are evaluated fairly, justly and objectively to select potential successors. The Company cultivates internal talents with high potential. Cultivation covers leadership potential, personality, professional knowledge and management function.
- Members of the important management team shall possess the necessary professional skills, experience and background. By executing different project tasks in normal times, three skills are cultivated: management knowledge, management skill and management leadership. The values and operating philosophy of each member must be consistent with our concept of “Ethical Company, Order Market, Responsible Work” and our corporate culture of “Integrity, Professionalism, Determination, Innovation.”
- As the key part of the internal training plan for the top management team, the Company provides supporting resources or designs or adjusts functions for our diverse middle- and senior-level human resources. The top management team joins the monthly management meeting, and supervisors are arranged to share and interact with each other on management issues through project tasks. An online course learning platform is available, covering leadership, management, technology, innovation and industrial trends, so that members of the management team can learn on their own and build comprehensive operational competence.
- Meanwhile, through quarterly reviews and the annual employee performance evaluation system, critical talents are rotated to different departments based on our development strategy to cultivate diverse talents, which benefits talent succession. Through observation and performance evaluation, the Company understands the areas that require improvement, personal development needs and company expectations. The evaluation result is used as a reference for the further succession plan. The overall training lasts one to two years.
Risk management policies
The Regulations Governing the Risk Control Procedures were passed by the board of directors’ meeting on November 4, 2020. The Company evaluates risk once a year and sets up risk management policies for all kinds of risks, covering and implementing the management goal, risk evaluation, risk response and risk control. The Company aims to identify, measure and control all kinds of risks effectively and to keep the risks incurred from business activity within an acceptable scope.
To ensure our stable business operation and sustainable development, all kinds of risks are defined based on our operating strategy and goal. This aims to prevent possible losses within the bearable risk level and to build an overall risk management organization structure and risk management system.
In anticipation of economic, environmental, and social risks associated with our industry, we proactively manage various uncertainties. Moving forward, we will further strengthen our corporate risk management systems and continue to enhance our employees’ awareness of risk management. This will enable us to effectively identify, manage, and mitigate risks and their associated uncertainties.
Organization name | Scope of authority and responsibility |
---|---|
Board of Directors/Audit Committee | |
Top management team (CEO, Executive Vice-Presidents, Vice-Presidents) | |
Managers on all levels | |
Managers on all levels under each department | |
Risk Control Architectural Diagram
The company reports to the board of directors once a year the risk map and response measures after risk assessment analysis (as shown in the table below).
Information security policy
I. Foreword
Due to the characteristics of the business of Senao International Co., Ltd. (hereinafter referred to as the Company), in order to protect the rights and interests of its customers, shareholders and the Company, the Company and all employees have the responsibility and obligation to jointly establish and maintain a safe information and communication operating environment, and to make information security a part of the corporate culture. The information security policy is formulated to clearly define security goals and requirements for compliance.
II. Scope of application
- All employees of the Company
- Our related information systems
- Manufacturers and visitors
- Other personnel or organizations to which the policy applies according to regulations or contracts
III. Purpose
The purpose of the Company's information security policy is to provide a corporate information security guideline and direction that can be followed, to clearly define the Company's information security management goals, and to serve as a guiding principle for the Company's business units to regulate their business security responsibilities. The policy strengthens information security management to ensure the security of information data, systems, equipment and network communications, and to effectively reduce the risk of theft, improper use, leakage, tampering, damage or system interruption of information assets due to human negligence, vandalism, equipment failure or natural disasters. In addition, it complies with the information security management system (ISMS) requirements to ensure the confidentiality, integrity and availability of information assets:
1. Confidentiality: Only authorized personnel can reasonably use the information to prevent improper disclosure.
2. Integrity: Ensure that the information is not falsified without authorization and that the information processing methods and results are correct.
3. Availability: Ensure that authorized users can obtain information and use relevant assets when needed.
IV. Information security organization
Organization | Scope of authority and responsibility |
---|---|
Information Security Management Committee | |
Executive Secretary | Responsible for various tasks of coordination of information security |
Information Security Team | |
Asset Inventory and Risk Assessment Team | |
Document Control Unit | |
Audit Team | |
V. Information security policy of the company
The information security policy includes the following:
- (1) Each business unit of the Company must comply with the relevant government laws and regulations (such as the Patent Act, the Copyright Act, the Personal Information Protection Act, the Enforcement Rules of the Personal Information Protection Act, etc.) when conducting business.
- (2) Establish the Information Security Management Committee, which is responsible for the establishment and promotion of the Company's information security management system.
- (3) Establish the organizational landscape evaluation mechanism to define the information security policy and the scope of implementation of the information security management system, and to understand the needs and expectations of the organizational landscape and concerned parties.
- (4) Establish the document control operation rules to define the management principles for establishment, modification, coding, and issuance of documents related to the information security system.
- (5) Establish an information asset management mechanism to coordinate the allocation and effective use of limited resources to solve critical security issues.
- (6) Establish risk assessment management measures and identify the risks of various types of assets in order to take appropriate risk treatment measures to control and reduce risks to an acceptable level.
- (7) Regularly implement business-related information security education and training, and promote information security policies and related implementation regulations.
- (8) Establish physical and environmental safety protection measures for the computer room, and perform relevant maintenance on a regular basis.
- (9) Clearly regulate the permissions of information systems, network services, and sensitive information, and prevent unauthorized access.
- (10) Establish procedures for information system acquisition, development, and maintenance, and clearly regulate the basis for system development and outsourcing. Before the establishment or launch of an information system or service, information security-related issues should be included to prevent endangering of the security of the system.
- (11) Formulate and execute internal audit activities of information security to implement the information security management system and corrective measures for non-compliance issues.
- (12) Establish a business continuity plan for information security and practice it to ensure the continuous operation of the Company's business in case of an emergency.
- (13) All personnel of the Company are responsible for maintaining information security, shall understand and comply with relevant information security management regulations, and implement these in their duties.
VI. Information security measures
Besides building a relevant information security management system and continuing to monitor and respond to possible risks arising from the internal and external environment, the Company also reinforces the detection and protection stability of the existing internal information security system and builds a mechanism for continuous business operation, to reduce and further prevent risks to corporate information security and operation.
Item | Internal | External |
---|---|---|
Risk and trend monitoring | | |
Mechanism and protection | | |
Continuous operation of business | | |
VII. Establishment and execution of information security
- In 2023, a total of NTD13 million was invested in information security-related systems. In the second quarter, numerous information security systems were implemented to continuously observe equipment and network behavior, update protection against the latest threats on the Internet in real time, cooperate with information security vendors to analyze various information, and take immediate action in accordance with the established information security policy.
- In 2023 Q3, ISO 27001:2013 certification was obtained to meet global IT standards and the international standard of information security management. It is expected to be updated to the latest ISO 27001:2022 certification in 2024 in order to comply with the relevant information communication security guidelines and specifications of the competent authority.
- In 2023, the Information Security Management Committee was established. The existing unit responsible for information security, the “Information Security Section”, was upgraded to the “Information Security Division”, with a dedicated information security supervisor and two dedicated information security staff members. This year, five information security reports were delivered at the board meeting and one information security management review meeting was held to meet the needs of concerned parties and of different departments.
VIII. Assessment of the impact of the two information security incidents, with reference to past data:
- Senao systems encountered a DDoS attack and cannot be visited or used. Emergency response and an emergency service transfer plan have been conducted. Senaonline’s service has been affected for about two days, losing approximately NTD172 million of turnover.
- The main office of Senao is affected by an earthquake, and the power supply and network are affected accordingly. It is estimated that employees cannot work and some services will be affected for two weeks. The service is transferred to the cloud host and operation is continued. About NTD 0.1 billion is lost for relevant service, manufacturing and equipment.