As cyber security is crucial for trade secret protection, Oneness Biotech has formulated information security policies, and concreted protective measures to enhance cyber security. The Information Department has established a Cyber Security Team responsible for formulating cyber security policies and implementation plans, promoting implementation of the policies and plans, and reviewing the implementation for improvement. The Team reports the current status of information security management to the representative of the cyber security management committee on a quarterly basis. The Audit Office has also established an Internal Audit Team to perform audits on the implementation of cyber security policies twice a year, and to track the effectiveness of improvement plans. In 2021, the Cyber Security Team was composed of 3 people, held 3 cyber security meetings, and found no major violation in relation to cyber security.
 |
Oneness Biotech has listed cyber security as a risk issue. Chairman serves as the convener of the Cyber Security Management Committee, and has authorized Chief Information Officer to serve as the committee representative who is responsible for promoting the management and operation of cyber security, execution of the protective measures for important information, and disaster drills and the implementation plans. Any special incident occurred will be reported to the Risk Management Committee for the review of corresponding action plan. |
Organizational Structure for Cyber Security
| Develop Management Measures |
- To strengthen its cyber security management system, Oneness Biotech obtained ISO27001 certification in March 2022. The international information security standard contributes to implementing the related management system, raising employees’ awareness of cyber security, and establishing 21 proper procedures and instructions for the use of computers and networks: the Cyber Security Policies, the Cyber Security Organization and Target Management Procedures, the Information Asset Management Procedure, and cyber security risk evaluation, physical security, operational safety, access control, and cyber security incident management.
- Periodic review and correction are performed to ensure the aforesaid cyber security-related regulations are in line with the global development trends of corporate governance and digital technology.
|
| Information Technology |
- Advanced software and hardware have been introduced to effectively prevent cyber security incidents. For cyber security protection, the Company has implemented multi-layer software and hardware protection has been provided, including account password complexity authentication, host- and user-end antivirus, online behavior management, protection against malicious websites, firewall-based barrier, host data backup, data encryption, network IP management, and etc.
- A variety of cyber security control technologies are used to protect the trade secrets of the Company effectively.
|
| Promotion and Improvement |
- The Company endeavors to perfect the cyber security management mechanism and strengthen employees' awareness of cyber security and self-protection. We convene cyber security management review meeting at least once a year in order to monitor and control the cyber security-related systems and incidents in that year, communicate cyber security-related information to employees at least 3 hours per year, and conduct cyber security incident reporting drill at least once a year. In 2021, a total of 3 cyber security training activities were organized (including the professional education and training provided by the Information Department), with a total of 120 participants.
|
Flowchart of Reporting and Responding a Cyber Security Incident
Statistics of Oneness Biotech’s Education and Training on Cyber Security in 2021
Note 1: All the employees/high-risk employees or specific departments
Note 2: coverage rate = number of actual participants / target participants
Oneness Biotech Information Security Management Result
※The above content is taken from the ESG Report
