| Sustainability Performance Indicators | 2025 Performance | 2025 Target | 2026 Target | 2030 Target |
|---|---|---|---|---|
| Number of Information Security Incidents | ✔0 cases | 0 cases | 0 cases | 0 cases |
| Number of Complaints Regarding Customer Privacy Infringement or Data Loss | ✔0 cases | 0 cases | 0 cases | 0 cases |
Information Security
Personal Data Protection
Information Security
Information Security Policy
In order to ensure the confidentiality, completeness and availability of company information, Etron has formulated and established an information security policy as a guideline for information security management in accordance with requirements of company operation and relevant laws and regulations, and implements management procedures through the operation of the internal information security organization. In addition, employees should establish information security risk awareness, and use management procedures and security protection technologies to achieve the security goals of information collection, processing, transmission, storage and circulation.
Information Security Organization, Members, and Oversight
- Information Security Committee: The Company has a committee dedicated to information security. Its responsibilities include creating and reviewing security policies, allocating resources, and assessing the effectiveness of security measures. Senior executives act as management representatives, ensuring coordination and promotion of information security management. The committee holds regular security meetings and reports to the Board of Directors annually.
- Executive Secretary and Members: A dedicated information security manager serves as the committee’s executive secretary, providing assistance in related tasks. Department heads from Administration, Research and Development, Legal, Information, and Operations join as committee members, actively contributing to the development and implementation of information security projects and measures.
Human Resources Security and Information Security Education Training
- The Company integrates information security into its personnel management processes, such as hiring, changes, and terminations. This ensures that employees are capable of implementing relevant security measures in their roles, reducing potential security risks.
- Regular education and training are provided to employees based on their job responsibilities and the current information security landscape. This promotes awareness of information security among the workforce and enhances the company’s overall security level.
- The company offers specialized courses or training for dedicated personnel to strengthen the skills of information security management staff and improve the company’s overall capability in managing information security.
- Employees receive periodic information security advisories to raise awareness and maintain vigilance. These advisories serve to keep employees informed and alert about potential security threats.
Identification of Information Assets, Risk Assessment, and Resource Allocation
- The Company regularly identifies and protects its assets based on their importance. This involves collecting and classifying information assets, reviewing their confidentiality, availability, and integrity, assessing vulnerabilities and threats, and creating risk management plans. The Company tracks these enhancement plans until improvements are implemented.
- In response to external security threats, the company continually strengthens its measures. This includes enhancing existing protection mechanisms and implementing additional safeguards such as Endpoint Detection and Response (EDR) software, as well as using multi-factor authentication (MFA) and other solutions.
Information Security Incident Reporting and Response
- Etron participates in domestic joint cyber defense organizations to obtain and share information security intelligence for timely response measures.
- Simulated drills are conducted for incidents that may impact operations. For the Company’s information security incidents, each department shall report according to responsibilities and the incident classification mechanism when an incident occurs, take appropriate measures according to the formulated response plan, record the handling process and results properly, and report to the Information Security Committee.
Policy Adjustment and Revision
This policy is regularly reviewed by the Information Security Committee to ensure that it aligns with relevant laws, technology advancements, business developments, and current circumstances. The goal is to ensure that the policy remains appropriate, sufficient, and effective.
Implementation Status
Etron has implemented a complete ISO 27001 Information Security Management System (ISMS). In June 2024, the Company passed third-party verification and obtained the certificate, valid until June 2027. The Company reduces corporate information security threats from system, technical, and procedural aspects, establishes an information security protection environment that meets customer needs, and continuously carries out the “Plan-Do-Check-Act” (PDCA) cycle for continuous improvement.
ISO 27001:2022 Certificate

Personal Data Protection
Personal Data Protection Policy and Management Principles
Etron attaches great importance to personal data protection, strictly complying with the “Personal Data Protection Act” and the “Enforcement Rules of the Personal Data Protection Act”. We have established the “Etron Personal Data Management Guidelines” to rigorously manage the privacy and security of personal data. We respect the rights and interests of data subjects and adhere to the principle of “collection, processing, and utilization within the necessary scope of specific purposes.”
Collection Units and Information Security Protection Measures
- Clarification of Roles and Responsibilities:
Defining personal data collection units to include: (1) HR and Occupational Safety and Health Department, (2) Stock Affairs and Finance Department, (3) IT Department, and (4) Others who need to obtain data due to business attributes. Each unit must confirm the integrity and accuracy of the data and maintain detailed records based on the principles of correction, supplementation, and deletion upon expiration. - Rigorous Information Security Controls:
If personal data files are stored in automated machinery (e.g., servers, computers, hard drives), encryption and authority management systems are established. For important personal data (as determined by first-level supervisors), additional control passwords are set, and access is prohibited without approval and authorization. - Scope of Application and Confidentiality Commitment:
These guidelines apply to all Etron employees and customers. Except within the scope regulated by law, we will never disclose personal data to third parties by providing, leasing, or other disguised means.
Management Organization and Operation
To effectively manage privacy risks, the Company has established the “Etron Personal Data Management Task Force” as the unit for formulating and implementing guidelines. Through regular meetings and issue-oriented ad hoc meetings, a cross-unit communication platform is established to collect the latest regulatory information and audit the effectiveness of various personal data protection measures.
2025 Implementation Results
- Education and Training Effectiveness:
Conducted personal data protection training for new employees, with a completion rate of 81.25%. - Deepening Compliance Awareness:
Held courses on human rights protection, including trade secret protection, information security awareness, and integrity management. The total learning hours reached 379 hours, with a total of 513 participants. Both the pass rate of post-training tests and the percentage of trained employees were 100%. - Risk Management and Zero Penalties:
This year, a total of 0 reported cases were received via email, reporting hotline, or written reports, and no incidents violating the Personal Data Protection Act occurred.