FITI GROUP

♦ Information Security Management

FITI understands that protecting confidential information is critical to the company's current and future competitive advantages. In 2017 it therefore invested in information security protection measures to control the company's business secrets. By constantly promoting the importance of protecting confidential information, it makes employees more aware of confidential information and gives them the correct concepts and vigilance for protecting it, ensuring the best interests of FITI's stakeholders.

FITI is committed to protecting the confidential information and privacy rights of customers in order to build trust and long-term cooperative relationships with them. It provides customers with an exclusive technical service team and data protection, and requires employees to fulfill their duty to protect confidentiality.

To strengthen information security, the company appointed a Chief Information Security Officer in 2024 and established an Information Security Management Department, with the Information Security Planning Section and the Protection Response Section under it. There are currently 7 information security personnel, responsible for information security policy formulation, management audits, protection monitoring and emergency response. They report the information security status and improvement progress to the board of directors every quarter. To implement and promote the information security management system, in 2024 one risk assessment meeting and one information security management review meeting were held, two continuity planning drills for key business operations were held, and four employee security promotion sessions were held with a total of 5,038 participants.

The Information Security Management Department and the Quality Assurance Department are responsible for promoting the planning, execution, auditing, communication and coordination of management-related matters, and for handling the relevant education, training and publicity so that personnel are familiar with the security responsibilities of their work. The company formulates relevant norms and systems covering access control, sub-authorities and validity periods, and controls customer data. For confidential customer projects, employees must sign a personal confidentiality agreement for the project to fulfill their responsibility to protect customer information.

1. All security measures must be followed by all employees.

2. For customer data, all employees involved should sign a "Non-disclosure Agreement".

3. FITI's internal "New Smart Information System" sets access permissions for specific employees.

4. Complete information data protection and internal access control.

5. Complete education to ensure employees understand their responsibility for data security.


♦ Information Security

I. Drawing and Data Security Policy

(1). The Document Encryption System is used for sharing data with suppliers; access frequency and expiration date are set.

(2). All suppliers use encrypted files.

II. Mail Security

(1). All outgoing and incoming e-mails are scanned for viruses, spam and malicious mail.

(2). Mails are automatically backed up and kept for 10 years.

III. Server Security Policy

(1). Server Policy:
    -- a. Active backup and Offline backup
    -- b. Automatically apply the latest updates
    -- c. Automatically patch server.

(2). Internet Policy:
    -- a. All non-company 3C devices must be approved before connecting to the internal network
    -- b. The proxy has a blacklist and can block access to suspicious websites
    -- c. The firewall only opens certain ports for specific services.

(3). Computer User Policy:
    -- a. Computers will patch automatically to the latest update
    -- b. Users cannot install unauthorized software
    -- c. Users can read files from USB devices but cannot store files on them.
    -- d. Cloud desktops centralize all data storage on the server


♦ Network security management

All files and drawings in the factory are encrypted using encryption software that the company has introduced. If they need to be read, they can only be viewed by DCC after their permissions have been reviewed. Those who access high-level process drawings work in a review room on an independent network segment. The review room has 24-hour access control and monitoring to record the content read by staff. FITI fully deploys anti-virus software and WSUS in the factory, and regularly updates and monitors them to ensure that the latest version is in use. Entire hosts are backed up every day and the backup files are stored offline. A host backup restoration drill with data verification is carried out every quarter. Important network equipment is placed in the computer room; entry requires double-pass authentication, and records are kept. Information security awareness, education and training are regularly promoted to staff, and the information security policy and risk assessment are audited every year. Data restoration is verified quarterly.

Users' online behavior is subject to a specific filtering mechanism, and USB external devices are strictly controlled: they can be set to allow data to be read but not written. Sending and receiving e-mail is controlled by the spam monitoring system, and an e-mail threat security mechanism is set up to prevent malicious virus attacks. For customer privacy and information security, FITI adopts the necessary management policies and protection measures to prevent unauthorized use and disclosure.

◎ Implementation effect: there have been no customer complaints, and full customer trust has been obtained. FITI operates successfully and strives to win more orders for the company.

Information Security Objectives

♦ Ensure the confidentiality of data and prevent unauthorized use.

♦ Ensure the availability and security of information systems.

♦ Ensure the effectiveness and continuity of information business operations.

♦ Comply with laws and regulations.