Integrity management

Integrity in Business Operations
Evaluation Item | Yes | No | Abstract Illustration | Deviations from the “Ethical Corporate Management Best Practice Principles for TWSE/GTSM Listed Companies” and Reason
I. Establishment of Corporate Ethics Principles and Implementation Programs
1. Does the Company have its regulations and publicly available documents addressing its corporate ethics principles and programs, and the commitment regarding implementation of such programs from the Board of Directors and the management team? | V | | 1. The Company has established the “Corporate Ethics Principles” and the “Procedure of Implementing Corporate Ethics and Guidelines for Conduct,” passed by the Board of Directors, has put them into practice, and ensures strict compliance in internal management and external commercial activities. | No Significant Difference
2. Does the company establish relevant programs, which are duly enforced to prevent unethical conduct and provide implementation procedures, guidelines, consequence of violation and complaint procedures in such programs? | V | | 2. The Code of Ethics sets forth provisions on anti-bribery, corruption and illegal political contributions. | No Significant Difference
3. Does the company establish appropriate preventive measures for the business activities prescribed in Paragraph 2, Article 7 of the “Ethical Corporate Management Best Practice Principles for TWSE/TPEx Listed Companies” or any other such activities associated with high risk of unethical conduct? | V | | 3. In the “Procedures for Ethical Management and Guidelines for Conduct,” the Company has specified the handling procedure, and procedures for reward/penalty, appealing and records of disciplinary actions. If there is any bribery acceptance or anti-bribery incident, the heads may report the penalty or reward immediately. Related systems are implemented thoroughly. | No Significant Difference
II. Ethical Management Practice
1. Does the company assess the ethics records of those with whom it has business relationships and include business conduct and ethics related clauses in the business contracts? | V | | 1. Before starting any business relationship, the Company makes all possible efforts to collect information regarding the counterparties’ credit status and reputation in the industry, to prevent any possible unethical business behavior. | No Significant Difference
2. Does the company set up a unit which is dedicated to or tasked with promoting the company’s ethical standards and reports directly to the Board of Directors with periodical updates on relevant matters? | V | | 2. The company uses the Group Public Relations and Legal Department as a full-time unit to promote corporate integrity management. The full-time unit will report its implementation to the board of directors on 2022/12/14: a. The directors, senior management and employees of the company and its subsidiaries have signed the Integrity Statement. b. This year's integrity management education and training was completed at the monthly mobilization meeting in November 2022. For the directors and managers, the "Common Cases of Insiders Violating the Securities and Exchange Law", "Insider Trading Regulations and Prevention Practice" and related laws and regulations are handled in writing or by email, and they participated in the online "111 Annual Prevention of Insider Trading Promotion Conference" held by the Exchange. c. After checking the information on employee rewards and punishments in 2022, the company and its subsidiaries have not violated business integrity. | No Significant Difference
3. Does the company establish policies to prevent conflicts of interest, provide appropriate communication and complaint channels and implement such policies properly? | V | | 3. In the “Procedures for Ethical Management and Guidelines for Conduct,” the Company sets forth regulations on recusal for conflicts of interest, to prevent decision-making that does not conform to the ethical management principles. If there is any violation, before the official disciplinary action is decided, the investigation unit and the chief making the decision give the involved parties a chance to make a sufficient statement. | No Significant Difference
4. To implement relevant policies on ethical conduct, does the company establish effective accounting and internal control systems that are audited by internal auditors or CPA periodically? | V | | 4. For activities with high risk of unethical conduct, the Company has built an effective accounting system, internal control system and auditing system. These systems are required to be reviewed and revised from time to time to ensure effectiveness of such systems and their implementation. In addition, internal auditors conduct regular auditing activities to assess compliance performance and submit auditing reports to the Board of Directors. | No Significant Difference
5. Does the company provide internal and external ethical conduct training programs on a regular basis? | V | | 5. The Company has included ethics in the corporate slogans and fully implements ethical management in daily operation. In the future, internal and external trainings on ethical management will be conducted from time to time. | No Significant Difference
III. Implementation of Complaint Procedures
1. Does the company establish specific complaint and reward procedures, set up conveniently accessible complaint channels, and designate responsible individuals to handle the complaints received? | V | | 1. The company has formulated a "reporting system", which clearly defines the special acceptance unit, reporting channel, acceptance process and reward method. | No Significant Difference
2. Does the company establish standard operation procedures for investigating the complaints received and ensuring such complaints are handled in a confidential manner? | V | | 2. Article 6 of the company's whistle-blowing system specifies the procedures for acceptance, filing, reporting, investigation, and reporting; Article 7 specifies that the responsible personnel should keep the information related to the reported case strictly confidential; Article 9 specifies the maintenance and preservation of files: all investigation files are ordered to be included in confidential management and encrypted protection. | No Significant Difference
3. Does the company adopt proper measures to prevent a complainant from retaliation for his/her filing a complaint? | V | | 3. The company's whistle-blower system is clear: the company promises to protect the whistleblower from being improperly dealt with because of the whistleblowing. | No Significant Difference
IV. Information Disclosure
1. Does the company disclose its corporate ethics principles as well as information on implementation of such principles on its website and Market Observation Post System (“MOPS”)? | V | | 1. The Company has established the “Ethical Corporate Management Best Practice Principles” and the “Procedures for Ethical Management and Guidelines for Conduct;” both are sufficiently disclosed on the Company’s website and on the MOPS. | No Significant Difference
V. If the company has established the ethical corporate management policies based on the Ethical Corporate Management Best-Practice Principles for TWSE/TPEx Listed Companies, please describe any discrepancy between the policies and their implementation: None.
VI. Other important information to facilitate a better understanding of the company’s ethical corporate management policies (e.g., review and amend its policies): None.
 
Information Security Policy
1. Information and Communication Security Risk Management Framework

(1) The company has established a Group Information Department dedicated to information and communication security. This department consists of an Information Supervisor and specialized information professionals responsible for formulating group information and communication security policies, planning and implementing information and communication security operations, and promoting and enforcing information and communication security policies.
(2) The company's Group Audit Office serves as the supervisory unit for information and communication security. This office includes one Audit Supervisor who is responsible for overseeing the internal implementation status of information and communication security. In the event of identified deficiencies during audits, the Audit Supervisor may request the audited units to submit relevant improvement plans. Additionally, regular monitoring of the effectiveness of improvements is conducted to mitigate internal information and communication security risks.
(3) An annual report on the operational status is presented to the Board of Directors. The report for the year ending December 13, 2023, has already been submitted to the Board of Directors.

 

2. Information and Communication Security Policy
Item Content
1 (Purpose)

(1) To ensure the security of the company's servers (including cloud servers), data storage, network communications, and all operational technology (OT) devices, and to prevent unauthorized access, use, data breaches, tampering, disruption, or any other infringements on information and communication, the following measures and practices will be implemented to maintain the confidentiality, integrity, and availability of the company's digital information.

2 (Scope)

(1) The scope of this policy applies to the company, its subsidiaries, all employees, as well as businesses, vendors, visitors, and other entities with whom the company conducts business.

3 (Target)

(1) Ensure the continuous operation of information processes within the company, with accuracy, completeness, and availability.

(2) Safeguard the confidentiality of critical information within the company by implementing data access controls, ensuring that information is accessed only by authorized personnel, and preventing unauthorized access.

4 (Information Security Control Measures)
(1) All information policies of the company must comply with local government regulations.
(2) Establish a dedicated information security officer to establish and promote relevant information security systems.
(3) Effectively manage information assets and continuously assess corresponding risks.
(4) Establish an independent information system room and environmental safety protection measures, and draw up regular maintenance and upkeep plans.
(5) Assess various natural and man-made disaster risks, and formulate a core information system restoration and exercise plan to ensure that the core information system can be restored and operate normally when it is damaged due to various conditions.
(6) Regularly implement information security publicity, education and training and related implementation regulations.
(7) Clearly regulate the use authority of the information system to ensure that only authorized users can access the information system.
(8) Implement the management of outsourced manufacturers to ensure the safety of information services.
(9) Formulate an internal audit plan for the information security management system, regularly review the use of all personnel and equipment within the scope of the information security management system, and formulate and implement corrective and preventive measures according to the audit report.
5 (1) This policy was implemented following approval by the Board of Directors, and any amendments will follow the same procedure.
(2) The policy was established on December 23, 2021.

 

 

3. The specific management plan and the resources invested in the security management of information communication

(1) All information policies of the company must comply with local government regulations.
(2) Establish a dedicated information security officer to establish and promote relevant information security systems.
(3) Effectively manage information assets and continuously assess corresponding risks.
(4) Establish an independent information system room and environmental safety protection measures, and draw up regular maintenance and upkeep plans.
(5) Assess various natural and man-made disaster risks, and formulate a core information system restoration and exercise plan to ensure that the core information system can be restored and operate normally when it is damaged due to various conditions.
(6) Regularly implement information security publicity, education and training and related implementation regulations.
(7) Clearly regulate the use authority of the information system to ensure that only authorized users can access the information system.
(8) Implement the management of outsourced manufacturers to ensure the safety of information services.
(9) Formulate an internal audit plan for the information security management system, regularly review the use of all personnel and equipment within the scope of the information security management system, and formulate and implement corrective and preventive measures according to the audit report.

 

4. Resources invested in information security management

 ⚫ To ensure the effective operation of the Information Security Management System, one Information Security Officer and one Information Security Personnel are appointed. They are responsible for promoting and maintaining various aspects of information and communication security management, as well as executing and auditing related tasks. When necessary, they may convene meetings and invite relevant personnel to participate.

 ⚫ The company conducts annual discussions to review and improve various aspects of the information security framework, including information security policies and procedures, cybersecurity education and training, data center management practices, continuous operational exercise implementation plans, and external audit management procedures. These discussions aim to enhance and refine the information security management mechanisms for better effectiveness.

 ⚫ Execution Status in the Year 2023:

Item | Date | Content
Information Security Education and Promotion | 112/4/12, 112/10/18 | Twice
Technical Tools | 112/2/4 | UTM NU-8700C
Technical Tools | 112/3/10 | Mail server MS 6430X
Rationality and Audit | 112/8/8 | Host Vulnerability Scanning
Rationality and Audit | 112/7/14 | Enterprise Cybersecurity Rating Assessment
Rationality and Audit | 112/11/6 | KPMG External Information Security Audit
Emergency Response Plan | 112/10/7 | Continuity of Operations Exercise Implementation Plan
Disaster Drill | 112/11/1 | Continuity of Operations Exercise Implementation
Security Conference | 112/11/27 | 1. Sharing the latest information security-related knowledge, including recent threats, vulnerabilities, and security measures. 2. Discussing the ever-evolving information security requirements, including new technologies and regulatory changes.

 
 
Risk Management Policy and Procedures and Operation Status

 In 2022, the Company established the "Risk Management Policy and Procedures," which was approved by the Board of Directors, serving as the Company's highest guiding principle for risk management. The Company conducts regular annual assessments of operational risks and formulates response strategies for various risks. These strategies encompass management objectives, organizational structure, roles and responsibilities, and risk management procedures. They are implemented to effectively identify, measure, and control the company's various risks, keeping risks within acceptable limits.

 
Scope of Risk Management

 The Company actively oversees the assessment and management of significant risks in various aspects of its operations, including economic, environmental, and social aspects. In addition to existing regulatory frameworks and procedures, the company conducts proactive monitoring and evaluation of important risks. The company's management assesses risks and formulates mitigation measures based on the nature of their responsibilities. The areas covered by risk management include "Market Risk," "Operational Risk," "Investment Risk," "Compliance Risk," and "Climate Change Risk," among others. The "Risk Management Policy and Procedures" of the company were implemented after approval by the Board of Directors on November 9, 2022, as outlined in the "Company's Important Regulations."

 

Organizational Structure
Item | Content
Board of Directors | The Company's Board of Directors is the highest governing body for risk management. It aims to comply with laws and regulations, promote and implement overall operational risk management, and gain a clear understanding of the risks associated with sustainable operations. The Board ensures the effectiveness of risk management.
Executive Management (Chairman, CEO, or relevant operational executives) | Responsible for reviewing and managing risk assessments and response strategies for various plans and projects initiated by the respective departments. They provide guidance on risk management.
Audit Unit | This independent unit under the Board of Directors assists the Board and the management in examining and reviewing the deficiencies in internal control systems. It assesses the effectiveness and efficiency of operations and provides timely improvement recommendations. This ensures the continued effective implementation of internal control systems and serves as a basis for reviewing and amending internal control systems.
Business Execution Units | These units are responsible for frontline risk management in daily operations. Their unit heads analyze, monitor, and prevent relevant risks within their areas of responsibility. They ensure that risk management mechanisms and procedures are effectively implemented.

 

Operation Status

The company actively promotes the implementation of its risk management mechanisms. It conducts risk response planning during regular management meetings and reports on its operations annually to the Board of Directors. The report provided to the Board on December 14, 2022, included explanations of risk assessments, the risk control measures implemented, and the operation status of risk management.

 

 

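Corporate Governance Officer

To protect shareholders' rights and interests and to strengthen the functions of the directors and corporate governance, the Board of Directors resolved on May 10, 2023 that Chief Financial Officer 余聖芬 would concurrently serve as Corporate Governance Officer, responsible for the design, planning and execution of the corporate governance system.

The powers of the Corporate Governance Officer are as follows:

(1) Handling matters relating to meetings of the Board of Directors and shareholders' meetings in accordance with the law;

(2) Preparing the minutes of Board of Directors and shareholders' meetings;

(3) Assisting directors and supervisors in taking office and in continuing education;

(4) Providing directors and supervisors with the information needed to perform their duties;

(5) Assisting directors and supervisors in complying with laws and regulations;

(6) Other matters stipulated in the Articles of Incorporation or in contracts.

The main implementation status is as follows:

In 2023, all matters relating to Board of Directors and shareholders' meetings were completed smoothly.

1. Assisted directors and independent directors in performing their duties, provided the information they required and arranged their continuing education.

2. Assisted with the proceedings of Board of Directors and shareholders' meetings and with legal compliance matters for resolutions, such as reporting on the status of corporate governance and handling the release of material information on important Board resolutions.

3. Assisted in preparing meeting notices, meeting handbooks and supplementary meeting materials within the statutory deadlines.

Continuing education is as follows:

Continuing education of the Corporate Governance Officer in 2023

Date | Organizer | Course | Hours | Total hours for the year
2023/5/23 | Taiwan Stock Exchange | Briefing on the Sustainable Development Action Plan for TWSE/TPEx Listed Companies | 3 | 12
2023/7/4 | Taiwan Stock Exchange | 2023 Cathay Sustainable Finance and Climate Change Summit | 6 |
2023/10/20 | Securities and Futures Institute | 112 Annual Prevention of Insider Trading Promotion Conference | 3 |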

 

 
Information security management

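To achieve its vision of being "a leader in the design, engineering and manufacturing of metal components for the global automotive and industrial sectors," the Company encourages invention and creation and strengthens intellectual property management. It has drawn up intellectual property management measures that combine the Company's operational objectives with its R&D resources, in order to protect the Company's R&D results and reduce operational risk.

Patent Management

1. Before making decisions involving major investment, R&D, technology introduction, joint ventures, marketing and the like, the Company must formulate and implement a patent strategy. Before an operational investment decision, the dedicated unit shall analyze domestic and foreign patent information and put forward feasibility recommendations on the investment decision.

2. The Company's patents arise from technology developed by the R&D unit. Patent applications are filed through internal review, patent searches and the assistance of external patent firms, after which the dedicated unit regularly tracks progress and manages them appropriately.

Trademark Management

The Company has obtained registered trademarks in Taiwan, the United States, mainland China and elsewhere. They are used on documents, advertisements and websites related to the Company's business to build the Company's brand image. In addition, the Company has assigned a dedicated unit to manage trademark rights, to avoid a trademark term expiring without an application for renewal of registration.

Trade Secret Management

The Company has established the “Procedures for Ethical Management and Guidelines for Conduct,” which stipulate the following:

1. The Company shall establish a dedicated unit responsible for formulating and implementing the procedures for managing, preserving and keeping confidential the Company's trade secrets, trademarks, patents, copyrighted works and other intellectual property, and shall periodically review the results of implementation to ensure that the procedures remain effective.

2. Company personnel shall faithfully comply with the intellectual property rules referred to in the preceding item, shall not disclose to others any Company trade secrets, trademarks, patents, copyrighted works or other intellectual property of which they have knowledge, and shall not inquire about or collect Company trade secrets, trademarks, patents, copyrighted works or other intellectual property unrelated to their duties.

The employment contract stipulates the following:

1. Trade secrets and business secrets that an employee learns of or holds during employment may not be disclosed, communicated, delivered or transferred to any third party in any manner without the Company's prior written consent; nor may the employee publish them externally or use them for the benefit of the employee or a third party. The employee remains bound by the confidentiality obligation after leaving the Company.

2. If an employee violates the above, the Company may claim punitive liquidated damages and, in addition, may claim compensation for the damage suffered by the Company or also pursue the relevant criminal liability.

Implementation Status

1. The Company's intellectual property matters are reported to the Board of Directors annually; the most recent report was made at the Board of Directors meeting of December 13, 2023.

2. In 2023, the mainland China subsidiary obtained 20 utility model patents and 1 invention patent meeting the requirements of the High and New Technology Enterprise certification.

3. To raise employees' awareness of intellectual property protection and their understanding of trade secret protection, intellectual property training was held in November 2023.

List of Intellectual Property Obtained and Results

Patents in force: domestic 4, foreign 185. Trademarks in force: domestic 3, foreign 5.

 

 

Related Party Transactions

For financial and business dealings between the Company and its related parties, the Company has established the "Operating Procedures for Transactions with Group Enterprises, Specific Companies and Related Parties" and the "Procedures for Acquisition or Disposal of Assets" to be followed; these written rules have been approved by the Board of Directors.

This year there were no material purchase or sale transactions with individual related parties, and no asset acquisition or disposal transactions with them, that required approval by the Board of Directors.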