Information Security

Home / Corporate Governance / Information Security
Information Security Organization

AMPOWER actively enforces its information security policies and operations in compliance with the Guidelines for Establishing Internal Control Systems by Public Companies and the Information Security Management Guidelines for Listed Companies. The Company has established an Information Security Team, led by a senior executive who serves as both team leader and convener. This team, composed of certified information security professionals, is responsible for planning, implementing, auditing, and continuously improving information security management. Regular meetings are held to review policies and align on future security strategies.

Information Security Organization
Information Security Policy
  1. The Company complies with relevant information security laws, including the Information Security Management Act, National Secrets Protection Act, and Personal Data Protection Act. We implement robust measures to protect our information assets, ensuring data confidentiality, integrity, and availability. This safeguards our operations from internal and external threats, supporting continuous business activity.
  2. We have established a comprehensive information security system that strengthens the protection of IT assets. By participating in cybersecurity threat intelligence platforms, we stay informed of emerging risks to minimize the impact of vulnerabilities and threats.
  3. Regular cybersecurity training and awareness programs are conducted to enhance employees’ understanding of security risks and best practices.
  4. We continuously evaluate potential risks and maintain business continuity plans for critical systems. Regular drills and multi-layered backup strategies ensure ongoing core operations without disruption.
  5. Our information security management is regularly reviewed and improved through assessments, simulations, and policy updates. This strengthens employees’ ability to respond to incidents and prevents security breaches. We also have clear procedures for reporting and managing security incidents.
  6. All employees share the responsibility to uphold information security and must adhere to the Company’s security policies and guidelines.
Information Security Incident Reporting Procedures

In the event of an information security incident, the responsible department must immediately report it to the IT team in accordance with the Procedures for Information Security Incident Response. Our cybersecurity personnel will assess the incident type, identify the root cause, take immediate action, and maintain a full incident record.

Personal Data Protection Policy

We are committed to protecting personal data in compliance with the Personal Data Protection Act. Our Personal Data Protection Policy clearly defines employee responsibilities and safeguards the rights of data subjects. The policy aims to reduce the risk of data breaches, ensure data security, and support long-term business continuity through ongoing review and improvement.

Policy Review and Continuous Improvement

We review this policy annually to reflect changes in laws, technologies, business operations, and internal controls. This ensures our information security management system remains effective, up to date, and aligned with operational needs.

Information Security Practices and Implementation
  1. We have implemented comprehensive internal policies—including the Information Security Management Policy, IT Equipment Usage Policy, and Trade Secrets Protection Policy—to strengthen risk management across the organization.
  2. We allocate a dedicated annual budget for cybersecurity to upgrade systems and infrastructure. We deploy endpoint detection and response (EDR) tools, vulnerability scanners, and other security solutions to reduce risks and increase resilience.
  3. Regular training and awareness campaigns are held to strengthen employee understanding of cybersecurity. Simulated phishing tests and emergency drills are conducted to enhance preparedness and incident response capabilities.
  4. We also replace outdated devices and software on a regular basis to prevent security vulnerabilities. All endpoint devices are centrally managed under our corporate domain, with strict policy and access controls in place. Operating systems and antivirus tools are kept up to date.
  5. Our data is protected by multi-layer and offsite backups, and disaster recovery drills are conducted regularly to ensure business continuity. For key systems, we perform periodic internal and external vulnerability scans to identify and fix security gaps.

In 2024, the Company experienced no major information security incidents, meeting our established cybersecurity management objectives.

返回頂端