Commitment to Corporate Governance
We adhere to the Corporate Governance Best Practice Principles while ensuring compliance with government laws and regulations as well as relevant provisions of the Articles of Incorporation. In addition, five principles guide our commitment to good corporate governance:
- Safeguarding shareholders’ rights and interests
- Strengthening the functions of the Board of Directors
- Fully utilizing the functions of the Audit Committee and Remuneration Committee
- Respecting the rights and interests of stakeholders
- Enhancing information transparency
Governance and Ethics
Legal compliance with major management policies is the foundation of our corporate operations. We implement corporate governance in alignment with the Corporate Governance Best Practice Principles and the Internal Control Management policies. Simultaneously, the Company has established Ethical Corporate Management Best Practice Principles and a Code of Ethical Conduct to foster an honest corporate culture. These measures clearly stipulate that directors, managers, and employees must adhere to laws and regulations and prevent dishonest behavior to establish a good business environment.
Functions of the Board of Directors
As the Company’s highest governance unit and the center for major business decisions, the Board of Directors’ responsibilities include appointing and supervising the Company’s management, overseeing its business performance, and ensuring compliance with government regulations, the Company’s Articles of Incorporation, and Shareholders Meeting resolutions. ThroughTek’s Board of Directors has formulated comprehensive specifications for its operations to ensure effective corporate governance and supervision functions. These include the Procedures for Election of Directors, Code of Procedures of the Board of Directors, and Scope of Responsibilities for Independent Directors.
Furthermore, we have established an Audit Committee and a Remuneration Committee under the Board of Directors, and have formulated the Audit Committee Charter and Remuneration Committee Charter, to further strengthen the integrity and comprehensiveness of the corporate governance system.
Risk Management and Internal Control Program
In order to respond to market changes and improve the risk-taking capacity of business strategies, ThroughTek has developed various management measures to define and prevent risks in regard to matters such as ethical corporate management, customer credit management, supplier management, information security management, and procurement management.
We stipulate the necessary judgment items within the internal control system in accordance with the Regulations Governing Establishment of Internal Control Systems by Public Companies. The management control process divides the internal control system into five constituents: 1. Control environment, 2. Risk assessment, 3. Control operations, 4. Information and communication, and 5. Supervision. To examine and evaluate deficiencies in the internal control system and measure operational effectiveness and efficiency, timely improvement suggestions are provided to the Board of Directors and professional managers to ensure its continuous and effective implementation.
In addition, the Internal Audit Implementation Rules have also been formulated to establish and improve the internal audit process, including for the head office and overseas subsidiaries. Internal audits are carried out regularly and intermittently according to plan, and audit reports are submitted to management to ensure corporate governance and operational effectiveness.
Establishment of a Sustainability Promotion Committee
In 2023, we officially established the Sustainability Promotion Committee to convey corporate sustainability concepts and fulfill our responsibilities as a global citizen in corporate management. The committee operates to implement measures to protect the rights and interests of stakeholders, manage risks, and promote the Company’s overall corporate social responsibility policies with a commitment to sustainable development in economic, environmental, and social terms.
The Sustainability Promotion Committee formulates working methods based on the Company’s Sustainable Development Best Practice Principles. It comprises the Sustainability Promotion Office and three functional teams covering Environmental (E), Social (S), and Governance (G) concerns. At the same time, a Risk Control Team has been expressly established to address the Company’s characteristics as an information service and cloud service solution provider.
The functions and powers of the Sustainability Promotion Committee include:
- Formulation of the Company’s sustainable development policies.
- The Company’s sustainable development, including the formulation of goals, strategies and implementation plans for sustainable governance, ethical corporate management, and environmental and social matters.
- Review, track, and revise the Company’s sustainable development implementation status and results, with regular reporting to the Chairman.
- Paying attention to issues of concern and supervision of communication plans with respect to all stakeholders, including shareholders, customers, suppliers, employees, governments, non-profit organizations, communities, and the media.
- Handling other corporate sustainable management matters as assigned by law or by the Board of Directors.
Information Security Management
Commitment to Information Security Management
We have implemented a number of information security measures to thwart intrusions and sabotage by hackers, viruses, and so on. Additionally, we enhance colleagues’ awareness of information security to prevent internal employees from inappropriately handling or illegally using confidential information and avoiding human errors and accidents. We have established comprehensive IT systems operation monitoring and maintenance mechanisms (including the Kalay cloud service platform) to ensure that the confidentiality, integrity, availability, and legality of information service operations and information assets are protected.
We have published an Information Security White Paper to fulfill the above commitments and have additionally established a Product Security Incident Response Team (PSIRT). The PSIRT is responsible for handling information security incidents related to our products and services, including monitoring, assessing, mitigating, and publicly reporting on the security status of our products.
Information Security Management Certification
Having obtained international certification for ISO 27001:2013 information security management, we comply with ISMS 2013 specifications. Our Information Security Policies serve as the framework, with 14 management procedures covering various aspects such as access control, communication security, system development and maintenance, information security incident management, operational continuity management, and operational safety management. We undergo regular or intermittent audits from internal and external security review executives annually, conduct systematic data backup and disaster prevention drills, and periodically conduct information security attack drills and employee education and training to ensure the quality of service provided to ThroughTek’s customers.
Personal Privacy Information Protection Policy
Cloud Maintenance and Security Protection
All servers are equipped with firewalls to comprehensively implement ISMS 2013 information security management measures, specifically cloud server protection. The Cloud Operations Team (OP Team) ensures continuous 24/7 shift monitoring throughout the year. Moreover, our cloud infrastructure service providers have real-time monitoring mechanisms. Any abnormal operating conditions prompt immediate notification for inspection, confirmation, and reporting to uphold service efficiency and information security reliability for our customers.