Information Security

Cameo Communications attaches great importance to information security and has established a complete information security and data protection mechanism to avoid risks such as confidential information leakage or data damage. It has internally formulated relevant information security prevention and control mechanisms, application technologies, and data security standards. A data backup mechanism is established for the Company’s important systems, and restoration tests are carried out from time to time every year to ensure that the information system can be restored normally, thereby reducing the risk of system interruption caused by unwarned natural disasters or human negligence, and ensuring that the system restoration goals set by the Company are met。

Cameo Communications’ current information security measures are implemented in accordance with the Group’s information security policy. The Group regularly holds online information security management and control meetings, with the participation of information security personnels from each subsidiary within the Group. Each meeting has specific information security topics, and each subsidiary is required to submit relevant documents and provide explanations during the meeting. Cameo Communications joining the Group’s information security management system can effectively enhance the Company’s information security capabilities, protect the confidentiality, integrity, and availability of company information, and prevent improper use, leakage, tampering, damage, or loss of company assets in the event of human negligence, deliberate destruction, or natural disasters, which could affect company operations or harm company interests. No information security incidents occurred during the year。

Policies / Commitments
  •  Strengthen personnel awareness
  •  Avoid data leakage
  •  Implement daily maintenance
  •  Make sure the service is available
Targets Short term
  • Upgrade the AD and Exchange systems to improve protection capabilities and ensure that the information system and network environment comply with security implementation standards。
  • Upgrade mail spam system, setting up a mail cloud-based anti-virus fingerprinting protection system as well as MailLog email archiving and audit system to comprehensively enhance email protection capabilities and prevent malicious email attacks。
  • Establish a software and hardware asset management system to ensure the use of legally authorized software, enhance corporate goodwill, and avoid intellectual property infringement。
Medium to
long term
  • Conduct information security education and training to promote employees’ awareness of information security and strengthen their understanding of related responsibilities。
  • Protect company business activity information, prevented unauthorized access and modification, and ensured accuracy and completeness。
  • Use legally licensed software and conducted regular internal and external audits to ensure proper implementation of related operations。
  • Ensure that the company’s key core systems maintain a certain level of system availability。
Responsible department/
Grievance mechanism
  • Information Technology Department staff extension 63699
  • Information Technology Department Supervisor email
Resources invested in the
year
  • The Information Technology Department currently has 5 persons in Taipei and 4 in Tainan, a total of 9 persons, who conduct information security risk management and determine the organizational structure, work responsibilities, policy vision, and goals。
  • Completed inventory of existing assets including servers/networks/system permissions/databases and other software and hardware asset systems as a baseline for continuous improvement in 2025。
  • Complete the system upgrade, integration and permission control of files and files to prevent the leakage of confidential files, and implement file backup and offsite storage mechanisms。
  • Upgraded firewall to enhance defence capabilities and ensure information systems and network environments comply with security implementation standards。
  • Complete the inventory and backup of the database to ensure the executability of disaster recovery。
  • In 2024, there were no information security incidents that impacted the company’s operations or violated customers’ privacy。
Evaluation
mechanism/outcomes
  • Conduct security testing, information security health clinics, social security, and information security incident drills every year。
  • Strengthen company colleagues’ information security crisis awareness and information security personnel response capabilities to prevent incidents in advance and effectively detect and prevent the spread at the first opportunity。
  • Regularly announce and promote information security policies, and cultivate colleagues with information security certifications。
  • Conduct information security education and training for all colleagues annually。
  • Report to the board of directors at least once a year to summarize the annual execution information security risk status。
  • No information security incidents that impacted company operations or violated customer privacy occurred during the year。