Security and Risk
Although information security risks currently pose a relatively low threat to our operations, the complexity of the digital environment continues to increase. In response, our company has established an information security management framework and related policies.
At this stage, the Company implements information security risk management with the existing information security management procedures.
The relevant specific implementation measures are as follows:
01 Network Security Management
Configure an enterprise-level firewall to prevent illegal intrusion by hackers.
SSL VPN is used to connect with branches and external locations , and data encryption is used to prevent illegal interception of data during transmission.
Configure an Internet behavior management system to control network access, block access to harmful or policy-unallowed websites and content, enhance network security and prevent bandwidth from being improperly occupied.
02 System access control
The use of various application systems within the company must go through the information service demand application process, and after approval by the responsible supervisor, the information unit must create an account and the system administrator must open permissions based on the functions applied for before use.
The password setting of the account must comply with the requirements for mixed characters and digits before it can be passed.
When colleagues go through the resignation procedures, they need to work with the information department to delete accounts in various systems.
03 Implementing information security training
We regularly conduct information security education and training for employees, and provide them with information security training from time to time to enhance their awareness of the importance of information security.
During each system operation, a pop-up window will appear to remind you to pay attention to information security issues.
04 Virus protection and management
The server and colleagues' computer equipment are all installed with endpoint protection software, and the virus code is automatically updated to ensure that the latest viruses can be blocked.
The email server is equipped with a spam filtering mechanism to prevent viruses or spam from entering the user's PC .
05 Ensure system availability
Build a backup management system to regularly back up daily data, with one copy kept in the computer room and the other stored off-site for mutual backup.
Conduct disaster recovery drills regularly, select a recovery base point, and restore the backup file to the system host.
06 Computer equipment security management
The company's computer host, application servers, etc. are all set up in a dedicated computer room. The computer room access control adopts inductive card swipe entry and exit, and records are kept for review.
The computer room is equipped with independent air conditioning and uninterruptible power supply system and generator to keep the computer equipment running at a suitable temperature, so that the operation of computer application systems will not be interrupted when the power is cut off.
When building a device management system, only mobile devices and devices that have been certified by the company can connect to the company's intranet and access data.
07 Resources in information security management
Use Veritas backup exec backup software
Adopting Sharetech Next Generation UTM defense management platform
Perform vulnerability scans on host systems and websites regularly.
Cybersecurity incident prevention actions that Proxene has implemented in 2024 are as follows:
| Item | 2025 | 2024 |
| Disaster recovery drill | 1 time | 1 time |
| Vulnerability scan | 1 time | 1 time |
| Account permissions inventory | 1 time | 1 time |
| Operation system inventory | 1 time | 1 time |
| Information security education and training (all employees) | 1 time | 1 time |
| Information security risk assessment | - | 1 time |
| Social engineering training (all employees) | - | 1 time |