ASMedia’s Information Security Policy

  1. The purpose of ASMedia’s information security is to ensure confidentiality, integrity and availability of the important and core system within the company. Information security metrics, or key performance indicators (KPIs), shall be obtained at different levels within the company based on the function of each department. The information security KPIs are used to ensure that the information security management system is implemented properly to achieve security goals.
  2. To attain the goals of the company and meet the expectations and requirements of the top management with regard to information security, we have established the Information Security Policy:
    • 2.1 Ensure confidentiality of all forms of business information and protect confidential information and personal information from leaking or getting lost in the company.
    • 2.2 Ensure integrity and availability of business data in order to carry out operations and conduct business properly.
  3. To ensure the effective operation of the information security management system, ASMedia appointed an information security officer and a dedicated staff member at the end of 2023 to oversee the planning and implementation of the information security management framework.
  4. Human Resource Security: To mitigate human factors of information security in the company, we provide information security education and training and disseminate related ideas to improve information security awareness among personnel.
  5. Asset Management: To protect ASMedia’s information assets, we create an inventory of assets according to the regulations. We also draw up the guidelines to classify, control and measure the value of the information assets.
  6. Access Control:
    • 6.1 To ensure that one needs to obtain authorization before accessing the data, we establish an access control policy that regulates the user password, registration, change, deletion and the regular review process, and also establish a clean desk and clear screen policy.
    • 6.2 To protect internet security, we design the internet service system that separates internal and external networks to control and monitor remote working and use of portable devices.
  7. Password Control: We create a proper and effective password policy to protect confidentiality, identity and integrity of information.
  8. Physical and Environmental Security: To ensure safety of the server room, the office and related equipment, we develop the guidelines for entrance control of the server room, equipment inspection and management. We also set out guidelines for use, management and disposition of the general data.
  9. Operations and Communications Security:
    • 9.1 To ensure that the information equipment is properly and safely operated, we introduce the regulations on appropriate use of information. This helps to both prevent confidential information from leaking and build a system that prevents malware infection and blocks portable applications.
    • 9.2 To ensure integrity and availability of information assets, we establish a policy to back up data and adopt the external information system service to monitor the data.
    • 9.3 To protect internet security, we establish the internet security system and provide guidelines to monitor and protect log information.
  10. System Acquisition, Development and Maintenance: To ensure safety of system development, testing, acceptance testing, launching, maintenance and information systems outsourcing, we establish the standard control procedures.
  11. Supply Chain Relationships: For suppliers, we establish the supplier relationships and management policy to ensure safety of suppliers’ accessing, handling and managing of ASMedia’s information and information processing facilities. For customers, we strengthen information security management to protect personal data against theft, alteration, destruction, loss or leakage in accordance with our Personal Data Protection Policy.
  12. Information Security Incident Management: To mitigate the damage of an information security incident, we establish the procedures for reporting and handling information security incidents and keep a detailed record of the incidents.
  13. Information Security Aspects of Business Continuity Management: To ensure ASMedia’s business continuity, we set requirements on the information security aspects of business continuity management and establish the continuity management procedures and framework. We create the business continuity plan and conduct the BCP drill once a year.
  14. Compliance: To ensure regulatory compliance in information security and compliance with any security requirements and latest technologies, we establish the relevant compliance policy.
  15. Any employee who violates the regulations related to information security is liable for a breach of the regulations on information security and faces a corresponding penalty.
  16. The Information Security Policy shall be reviewed by the head of the information security division and the internal auditor at least once a year to ensure that the policy complies with relevant laws and meets the requirements on latest technologies and business operations and that the implementation of information security practices is effective.
  17. Any matter that is not stated in the Information Security Policy shall be handled by the related laws and the company’s rules and regulations.
  18. The Information Security Policy is implemented after approval by the information security manager of the company. The same principle applies to any amendment of the policy.

ISO 27001 Certificate Link