Brogent Technologies, Inc. – Flying Theatre Manufacturer


Information Security




The information technology dissemination model changes with each passing day. If information security vulnerabilities are exploited by hackers and cause customer information to be leaked, this will affect customers' trust in or loyalty to the Company, or cause the Company to be fined or face other legal consequences for violating relevant laws and regulations. All of these situations might affect the Company's external image and reputation. Managing information security risk and taking appropriate measures can effectively reduce the Company's potential financial losses and legal risks. It will also protect the Company's reputation and avoid potential negative impacts, creating a positive effect on protecting the economy, society and business partners, as well as the rights and interests of the Company and customers.

Therefore, Brogent continues to improve information security governance and strengthen information security capabilities. All information operations not only comply with international information security standards, but also comply with domestic and overseas laws and regulations on personal data protection and information security. The Company's information security unit is the Information Technology Department, and dedicated information security personnel are appointed in accordance with the "Information Security Management Guidelines for TWSE/TPEx-listed Companies." The department is responsible for formulating the Company's Information Security Policy, planning information security measures, and carrying out information security-related operations to ensure proper protection of the Company's confidential information, trade secrets, and personal data.

Information Security Policies
Ensure the confidentiality, integrity, availability, and compliance of the core system's management operations, and identify and assess qualitative or quantitative risks based on the importance of the assets, in order to control and verify the implementation effectiveness of information security management and whether information security goals are achieved.



Information Security Management Structure
Brogent established the Information Security Committee to reduce the probability and impact of information security threats and to improve the Company's ability to continue as a going concern. The president serves as the chairman of the committee, which meets once a year. We also reference the spirit of the ISO 27001 Information Security Management System and use the PDCA cycle to ensure the achievement of information security management goals and continuous improvement.





Information Security Measures



Improve Information Security Prevention Awareness
Brogent plans information security drills and protection promotion plans every year. Attendees include the head of the Information Technology Department, the head of the Audit Office, the heads of each center, and the chairman. Results of the information security phishing drill are reviewed during the meeting. Brogent promotes the information security policy to all new employees. In addition to organizing information security awareness training every year, Brogent provides enhanced training for individuals who showed medium- or high-risk behavior during the phishing drill, to help them identify risks. After the course, we designed information security awareness test items suitable for the Company's industry characteristics, environment, and culture, according to testing standards for the telecommunications industry, in order to test the effectiveness of training. In 2023, 100% of employees received a full score on the test after training.


Personal Data Protection
We promote personal data protection during the course on the "Employee Code of Conduct," and use actual cases to help employees understand the importance of personal data protection. The Personal Data Protection Task Force periodically examines whether the Company collects, processes, and uses personal data in accordance with the "Personal Data Protection and Management Rules," and each year destroys personal data that no longer needs to be retained.