As cyber security is crucial for trade secret protection, Oneness has formulated information security policies and put concrete protective measures in place to enhance cyber security. The Information Department has established a Cyber Security Team responsible for formulating cyber security policies and implementation plans, promoting their implementation, and reviewing the implementation for improvement. The Team reports the current status of information security management to the representative of the Cyber Security Management Committee on a quarterly basis. The Audit Office has also established an Internal Audit Team to audit the implementation of cyber security policies twice a year and to track the effectiveness of improvement plans. In 2022, the Cyber Security Team was composed of 2 personnel and the Internal Audit Team of 1 personnel; 1 cyber security meeting was held, and no major violation in relation to cyber security was found.
Oneness Biotech has listed cyber security as a material risk issue. The Chairman serves as the convener of the Cyber Security Management Committee and has authorized the Chief Information Officer to serve as the committee representative, who is responsible for promoting the management and operation of cyber security, the execution of protective measures for important information, and disaster drills and the implementation plans. Any special incident that occurs will be reported to the Risk Management Committee for review of the corresponding action plan.
Oneness Biotech introduced the ISO 27001 Information Security Management System (ISMS) in 2021, and gap analysis and correction were conducted after the verification scope was confirmed. The scope covered both system and management aspects. The implementation items included risk evaluation, vulnerability remediation, security protection, risk verification, asset inventory, risk evaluation, and education and training, and the relevant documents were established. The Company received the certificate issued by the international certification company BSI on March 2, 2022.
Organizational Structure for Cyber Security
Develop Management Measures
To strengthen its cyber security management system, Oneness obtained ISO 27001 certification in March 2022. The international information security standard contributes to implementing the related management system, raising employees’ awareness of cyber security, and establishing 22 proper procedures and instructions for the use of computers and networks, including the Cyber Security Policies, the Cyber Security Organization and Target Management Procedures, the Information Asset Management Procedure, and procedures for cyber security risk evaluation, physical security, operational safety, access control, and cyber security incident management.
Information Technology
The Company has implemented multi-layer software and hardware protection, including account password complexity authentication, host- and user-end antivirus, online behavior management, protection against malicious websites, firewall-based barrier, host data backup, data encryption, network IP management, etc.
Promotion and Improvement
We endeavor to perfect the cybersecurity management mechanism and raise employees’ awareness of cybersecurity and self-protection. Every year, we convene at least one cybersecurity management review meeting to monitor and control the cybersecurity-related systems and related incidents of that year, communicate cybersecurity-related information to employees for a total of at least three hours, and conduct at least one cybersecurity incident reporting drill. In 2022, a total of two cybersecurity training activities were organized, including social engineering drills, information security guidelines for listing, and other educational trainings. In addition, four email social engineering drills were executed in 2022 to enhance the information security awareness of the Company’s personnel.
Join the Joint Defense Mechanism
In an effort to strengthen the proactive defense strategy, Oneness joined the TWCERT/CC Information Security Alliance in September 2022 to exchange cyber-threat related information through this platform from time to time. The goal is to expand the breadth of the Company’s information security protection through this joint defense mechanism.
Flowchart of Reporting and Responding to a Cyber Security Incident
Oneness’ Education and Training on Cyber Security in 2022
Note 1: All the employees/high-risk employees or specific departments
Note 2: coverage rate = number of actual participants / target participants
Oneness Biotech Information Security Management Result
※The above content is taken from the ESG Report