Information Security Policies
To strengthen the information security management of MACHVISION Inc Co., LTD (hereinafter referred to as “our company”), assure the confidentiality, integrity, and availability of all assets and information, meet the requirements of relevant laws and regulations, and protect assets and information from deliberate or unexpected internal and external threats, this policy is established.
2. Scope of application
(1) The scope of application of this policy covers all employees of our company, outsourced companies, and visitors, etc.
(2) The scope of information security management covers the following areas, to prevent any possible risk and danger from improper use, leak, tampering, and destruction of information due to human errors, deliberate damage or natural disasters, etc. The management items are as follows:
a. Establishment and evaluation of information security policies.
b. Establishment and operation of the information security organization.
c. Classification, rating, and control of information assets.
d. Management of information security risks.
e. Personnel security management and education and training.
f. Physical and environmental security.
g. Communication and operation security management.
h. Access control security.
i. Compliance of unit policies with relevant legal regulations.
To assure the confidentiality, integrity, and availability of our company's assets and protect user data privacy, all employees of our company work together to achieve the following goals:
(1) Protect the security of information of our company's R&D, business, production, and services, and assure that the information can only be accessed by authorized personnel to protect its confidentiality.
(2) Protect the security of information of our company's R&D, business, production, and services, and prevent unauthorized modification to ensure accuracy and integrity.
(3) Ensure that the implementation of all our company's operations and services complies with the requirements of relevant laws and regulations.
4. The organization for Information Security
The Company has established an information security management committee, chaired by the top head of the information department and composed of network service members who implement the information security plans. The committee is responsible for external information risk assessment and resource introduction assistance, information security system establishment, information security supervision and audit, and continuous enhancement of information security concepts and awareness.
5. Information security measures
6. Continuous improvement framework
The operation adopts the PDCA (Plan-Do-Check-Act) cycle management model to ensure the attainment of goals and continuous improvement.
7. Implementation and status of information security
MACHVISION is a team based on IT research and development, so it especially emphasizes and maintains the key competitiveness of research and development, in addition to the anti-virus and anti-hacking protective measures for software and hardware that many other companies have implemented.
As of 2020, the implementation of three-level information security has been completed, as described below:
(1) Data encryption management: All company data files, graphics files, and software programs are encrypted and managed. If any report or data related to customers and suppliers is needed, an application for approval and decryption is required. Only then can external customers and suppliers read the report, which enables business activities and the provision of related services from the suppliers.
(2) Strengthen the security of the network environment: Presently, in the R&D department, a high-level information security area, restrictions are placed on any personally operated information equipment. Any external computer and hardware equipment is restricted from connecting to the internal environment of MACHVISION, and personally operated computer equipment will also be blocked in the event of improper operation and use.
(3) Company-wide control of the use of USB: Because sales and customer service inevitably need assistance in data analysis, the IT department provides public computers on all floors that scan for viruses before data is uploaded.
(4) Implementation of an instrumentation panel management platform as the interface for information security inspection.
Recently, many large companies have suffered malicious software and computer virus attacks, and the situation is complicated. Awareness of information security protection continues to increase. With training and real-time assistance from frontline information security companies, MACHVISION reduces the risk to its commitments to customers and shareholders and the adverse effects on operational results, finance, and prospects.
2021 Annual performance goals:
(1) Continue to implement and improve information security.
(2) Improve company-wide anti-virus software update and backup operation.
(3) Provide regular internal and external training for information security.
8. Information Security Risk Management Organization
The Company has established a risk management committee for information security risks, chaired by the top head of the information department and composed of network service members who implement the information security plans. The committee is responsible for information security system establishment, technology introduction, and information security supervision and audit.
The committee is responsible for conducting information security and cyber risk assessment processes, performing risk analysis based on impact levels and probabilities, setting up corresponding management mechanisms for high-risk environments and systems, and establishing highly reliable architecture such as data backup and remote backup structures to mitigate the impact of information security incidents.
The committee is responsible for formulating and regularly reviewing information security policies, including information security incident reports and response mechanisms. It shall also regularly report information security inspections to the Board of Directors.
The committee’s most recent assessment report was published on November 27, 2020. The information security risk assessment covered: (1) External information security protection equipment, (2) Endpoint information security management and control, (3) Document security encryption inspection, (4) Network service activities review, and (5) Remote backup mechanism. The executive summary for the 2020 report year is as follows:
a. For external information security protection equipment: Upgrade the network firewall equipment, and introduce the automatic statistical analysis feature to manage the situation information platform.
b. For the remote (off-site) backup mechanism: Upgrade the important ERP host system to obtain high reliability and a virtual server structure, and upgrade the backup servers to improve execution results.