NUEIP Information Security Policy

Article 1: Policy Purpose and Commitment

Our company is dedicated to providing secure, stable, and trustworthy services. This policy is established to protect the information assets of both the company and our clients from any internal or external, intentional or accidental threats. We commit to implementing robust information security management through the active participation of all employees, thereby ensuring business continuity and safeguarding client rights.

Article 2: Core Security Objectives

  1. Confidentiality: To protect client privacy and commercial secrets, preventing unauthorized access and data leakage.
  2. Integrity: To ensure the accuracy and completeness of information during transmission and storage, preventing unauthorized modification.
  3. Availability: To ensure the stable operation of information systems and services, guaranteeing that authorized users have uninterrupted access whenever needed.

Article 3: Scope of Application

This policy applies to all company employees, suppliers, business partners, and all information assets managed by the company.

Article 4: Implementation Strategies

  1. Conduct regular information security risk assessments to ensure the effectiveness of control measures.
  2. Implement strict physical and digital access controls, adhering to the principle of least privilege.
  3. Require all employees to undergo annual information security awareness training to strengthen security vigilance.
  4. Establish an incident response procedure to ensure rapid recovery and maintain business continuity in the event of an emergency.
  5. Strictly comply with relevant national laws and regulations (e.g., the Personal Data Protection Act).

Article 5: Review and Update

This policy shall be reviewed periodically by the Information Security Committee and updated as necessary in response to changes in regulations, technology, and business operations, ensuring its ongoing effectiveness and forward-looking relevance.