Information Security Policy

Company Information Security Policy

  • Ensure the confidentiality of the company’s trade secrets (business secrets) and customer data
  • Ensure the availability and integrity of the information applications of the core business operations and their support services and equipment
  • Ensure the effectiveness and sustainability of the information security management mechanism

 

Information Security Policy Statement

In order to ensure the sustainable development of the company and fulfill customer commitments, the company has established information security policies, operating procedures and methods to improve information risk management, strengthen information security management mechanisms, implement information security protection, and improve the level of information security. Relevant personnel and important partners of the company’s offices are to follow these rules.

 

Information Security Organization and Responsibilities

  • MPI has set up an Information Security Organization to handle matters relating to information security and crisis management, so as to prevent leakage of not only our own business secrets but also those of our global partners and our precious customer base. When an emergency occurs, MPI will respond quickly and restore normal operation in the shortest and safest time possible to reduce any damage that may occur.
  • The Information Security Organization consists of the General Manager, the Information Security Committee, the Management Representative, the Information Security Incident Response Team, the Information Security Implementation Teams, and the Departmental Information Security Representatives. It also consults with external scholars, experts, and civil professional organizations to strengthen cooperation and experience.
    1. The General Manager serves as the convenor of the information security organization, assigning the Management Representative to oversee the operations of the Information Security Management System. The Management Representative reports to the convenor and the Information Security Committee on the execution details, including the annual operation of the Information Security Management System, plans, and other suggestions or ad hoc proposals.
    2. In 2024, the dedicated information security personnel are scheduled to convene 24 fortnightly information security meetings, report to the management representative, hold one information security management review meeting, and conduct one board meeting to assess the effectiveness of information security operations.

| Organization Name | Roles and Responsibilities |
| --- | --- |
| Convenor | The President serves as the convenor, responsible for approving, endorsing, and overseeing information security policies, allocating and coordinating security responsibilities, and monitoring the overall effectiveness of information security operations. |
| Management Representative | The Chief Information Officer (CIO) serves as the management representative, responsible for overseeing the operation of the Information Security Management System (ISMS), ensuring compliance with stakeholder and regulatory security requirements, and establishing secure and reliable information processes to safeguard the Company’s business continuity. |
| Information Security Committee | The division-level directors from each business unit serve as committee members, responsible for coordinating cross-departmental information security responsibilities and aligning annual security goals and plans across the organization. |
| Information Security Incident Response Team | Responsible for managing information security incident responses and coordinating with relevant units. Duties include implementing security-related policies, plans, and measures, as well as conducting technical assessments, research, and infrastructure implementation. |
| Information Security Implementation Team | Responsible for the continuous improvement of the information security system. Oversees overall planning and collaborates closely with departmental representatives to ensure the effective execution of all information security operations. |
| Departmental Information Security Representatives | Appointed by each department as seed personnel to support and execute the daily operations of the information security system according to their assigned responsibilities. |

Based on ISO 27001 principles, MPI has established an Information Security Management System with formal information security risk assessment and management processes. With the above policies, procedures, and other security measures in place, MPI can ensure their appropriateness and effectiveness while continuously reviewing and evaluating cyber security regulations and procedures. In addition, our staff receive regular ongoing training in cyber security to maintain MPI’s leadership in security management.

 

Information Security Certificate