Information Security Management Policy

SynPower follows the "Cybersecurity Management Guidelines for Listed Companies" to formulate its security policy. The Board has authorized the establishment of the "Information Security Management Team," led by the Chief Information Security Officer (CISO). We are dedicated to building a robust and trustworthy security environment to protect the interests of our clients and stakeholders.

2025: Zero Major Security Incidents

Through rigorous controls, SynPower did not experience any major cybersecurity incidents in 2025, ensuring operational stability and data integrity.

2025 Information Security Performance

Security Awareness – 6 Sessions (Fraud Prevention & Compliance)
Social Engineering Drills – 3 Cycles (Target click rate < 5%)
Vulnerability Remediation – 30 Hosts (Core Server Patching)

2025 Multi-layered Security Achievements

Infrastructure & Hardening

Feb: Equipment Refresh – Upgraded core network devices and firewall performance.
Aug: Vuln Scanning – Scanned and remediated 30 core servers.
Real-time Response – Deployed MDR (Managed Detection and Response) for instant defense.

Resilience & Risk Assessment

Dec: Risk Assessment – Executed annual risk assessment following ISO 27001 standards.
Dec: Disaster Recovery – Verified backup effectiveness through off-site restoration drills.

Awareness & Audits

Employee Training – Conducted 6 awareness sessions and 3 social engineering drills.
Jul: External Audit – Passed the CPA firm's information operations audit with no major findings.
Threat Sharing – Maintained active membership in TWCERT/CC for intelligence sharing.

Physical Security

Maintained 24/7 access control and surveillance for server rooms with audited logs.

Cyber Incident Response & Classification

SynPower has established the "Cyber Incident Response and Notification Procedures" to ensure rapid containment and recovery.

Level | Severity | Definition | Response Window
Level 4 | Severe | Major damage to core systems or leakage of confidential data. | Within 36 hrs
Level 3 | Major | Critical business disruption or internal sensitive data leakage. | Within 36 hrs
Level 2 | Caution | Minor impact on non-core systems. | Within 72 hrs
Level 1 | Minor | Minimal impact; systems operate normally. | Within 72 hrs

Last Updated: 2025/12/31