Risk Management
Information Security Policy
To ensure that GLT business runs continuously, reduce information security risks and also prevent all information assets from malware attack threats, GLT draws up “Information Security Policy” and related procedures to protect our information security. In addition, GLT establishes “Information Security Committee”, assigning COO as the Convener, to be in charge of consolidating all GLT affiliated companies’ execution plans of information security, IT software and hardware, data protection, and execution & coordination of information security operation across all functional Departments. Finally , GLT’s Internal Auditor conducts audit periodically, or irregularly every year and reports to the Board of Directors.
Architecture
| INFORMATION SECURITY MEASURES | |
|---|---|
| Data Security Management | R&D’s confidential data are managed by use of DRM (Digital Rights Management) software for encryption/ decryption process.& log to ensure no leakage. |
| Management of User Account and Authority | Both of application & change of personal account & authority have to go through application process and match work description & job authority. |
| Management of Network Communication Security | GLT implements firewall to monitor all network communication and controls personnel’s authority to go online. |
| Management of Application System Security | Authority of usage of application system is controlled by classification of job function. |
| Information Security Education | In addition to new hired employee education hosted by HR Department , IT Department also posts information security promotion announcement irregularly on GLT portal. |
| Data and System Backup | GLT uses dedicated backup software for secure backup copy and multi heterogeneous saving media to safeguard the backup data. |
| Emergency Information Security Incident and Disaster Recovery | IT Department conducts drills periodically for information security incidents/ disasters to review possible improving solutions & execute necessary improvements. When information security incidents happen, need to notify Information Security Executor immediately to react per related operation procedures. After the issues are closed, need to submit related dealing details to Information Security Committee. |