Information security police and concrete management initiative:

Information security policies of the Company focuses on information security governance and application. Through coordination of software and hardware as well as personnel authorization management, the Company constructs the network of information security management.

(1) Installation of equipment firewall

(2) Management of information lab

(3) Management of user authorization levels

(4) Information security management at the Plant

Each enacted policy is effectively implemented. Each year, staff are required to attend various information security conferences to understand the newest information security issues, trends, and relevant strengthening measures. Through educational training, information security knowledge and risk awareness of staff are optimized.

Professional IT management is in charge of information security governance, planning, supervising, and policy promotion of the Company and at the same time, it evaluates and screens possible risks to come up with responsive plans. When necessary, external advisors are hired to timely respond to various IT demands. Risk management of information security is conducted regularly. Every half year, relevant information security policies are reviewed. Additionally, inspection of internal protection mechanisms of all computers at the production plant is conducted irregularly to develop holistic information security protection abilities as well as correct information security awareness of staff. The Company regularly audits information affairs according to laws to ensure soundness of information security systems and implementation of relevant policies. The related auditing results are also regularly reported to the Board of Directors in compliance with laws.

In this digital information era, no staff and company can be left alone to potential information security threats in every corner of the Internet.In addition to the compliance with relevant information security policies regulated by the Government, SHEN’s fulfills its responsibility to manage information security with the aim to reduce operational risk in the IT field to a minimum level. According to risk levels, information systems are built with server support and information backup mechanisms to ensure services without interruption. Drills are conducted regularly with lab emergency simulation to guarantee under emergency, the information system remains its operation and secured.The UPS system is additionally installed to reduce sudden power cut for information accuracy. Furthermore, according to the usage life of machines, we plan design and improve proper hardware equipment sources.