Corporate Governance

Commitment to Corporate Governance

We adhere to the Corporate Governance Best Practice Principles while ensuring compliance with government laws and regulations as well as relevant provisions of the Articles of Incorporation. In addition, five principles guide our commitment to good corporate governance:

Safeguarding shareholders’ rights and interests
Strengthening the functions of the Board of Directors
Fully utilizing the functions of the Audit Committee and Remuneration Committee
Respecting the rights and interests of stakeholders
Enhancing information transparency

Ethical Governance

Governance and Ethics

Legal compliance with major management policies is the foundation of our corporate operations. We implement corporate governance in alignment with the Corporate Governance Best Practice Principles and the Internal Control Management policies. Simultaneously, the Company has established Ethical Corporate Management Best Practice Principles and a Code of Ethical Conduct to foster an honest corporate culture. These measures clearly stipulate that directors, managers, and employees must adhere to laws and regulations and prevent dishonest behavior to establish a good business environment.

Functions of the Board of Directors

As the Company’s highest governance unit and the center for major business decisions, the Board of Directors’ responsibilities include appointing and supervising the Company’s management, overseeing its business performance, and ensuring compliance with government regulations, the Company’s Articles of Incorporation, and Shareholders Meeting resolutions. ThroughTek’s Board of Directors has formulated comprehensive specifications for its operations to ensure effective corporate governance and supervision functions. These include the Procedures for Election of Directors, Code of Procedures of the Board of Directors, and Scope of Responsibilities for Independent Directors.

Functional Committees

Furthermore, we have established an Audit Committee and a Remuneration Committee under the Board of Directors, and have formulated the Audit Committee Charter and Remuneration Committee Charter, to further strengthen the integrity and comprehensiveness of the corporate governance system.

Risk Management

Risk Management and Internal Control Program

In order to respond to market changes and improve the risk-taking capacity of business strategies, ThroughTek has developed various management measures to define and prevent risks in regard to matters such as ethical corporate management, customer credit management, supplier management, information security management, and procurement management.

We stipulate the necessary judgment items within the internal control system in accordance with the Regulations Governing Establishment of Internal Control Systems by Public Companies. The management control process divides the internal control system into five constituents: 1. Control environment, 2. Risk assessment, 3. Control operations, 4. Information and communication, and 5. Supervision. To examine and evaluate deficiencies in the internal control system and measure operational effectiveness and efficiency, timely improvement suggestions are provided to the Board of Directors and professional managers to ensure its continuous and effective implementation.

In addition, the Internal Audit Implementation Rules have also been formulated to establish and improve the internal audit process, including for the head office and overseas subsidiaries. Internal audits are carried out regularly and intermittently according to plan, and audit reports are submitted to management to ensure corporate governance and operational effectiveness.

Establishment of a Sustainability Promotion Committee

In 2023, we officially established the Sustainability Promotion Committee to convey corporate sustainability concepts and fulfill our responsibilities as a global citizen in corporate management. The committee operates to implement measures to protect the rights and interests of stakeholders, manage risks, and promote the Company’s overall corporate social responsibility policies with a commitment to sustainable development in economic, environmental, and social terms.

The Sustainability Promotion Committee formulates working methods based on the Company’s Sustainable Development Best Practice Principles. It comprises the Sustainability Promotion Office and three functional teams covering Environmental (E), Social (S), and Governance (G) concerns. At the same time, a Risk Control Team has been expressly established to address the Company’s characteristics as an information service and cloud service solution provider.

The functions and powers of the Sustainability Promotion Committee include:

Formulation of the Company’s sustainable development policies.
The Company’s sustainable development, including the formulation of goals, strategies and implementation plans for sustainable governance, ethical corporate management, and environmental and social matters.
Review, track, and revise the Company’s sustainable development implementation status and results, with regular reporting to the Chairman.
Paying attention to issues of concern and supervision of communication plans with respect to all stakeholders, including shareholders, customers, suppliers, employees, governments, non-profit organizations, communities, and the media.
Handling other corporate sustainable management matters as assigned by law or by the Board of Directors.

Information Security Management

Commitment to Information Security Management

Information security control must be meticulous in the context of information service industry characteristics and in confronting digital transformation and cloud trends. Information security protection is the foremost requirement for companies providing cloud services, with no room for compromise in safeguarding customer information and user privacy. A substantial amount of information is exposed in an Internet of Things (IoT) environment, where users control devices via mobile phones or transmit crucial data between end-to-end through network channels. As a pioneer in IoT cloud services, ThroughTek must rigorously oversee and safeguard both customers and users.

We have implemented a number of information security measures to thwart intrusions and sabotage by hackers, viruses, and so on. Additionally, we enhance colleagues’ awareness of information security to prevent internal employees from inappropriately handling or illegally using confidential information and avoiding human errors and accidents. We have established comprehensive IT systems operation monitoring and maintenance mechanisms (including the Kalay cloud service platform) to ensure that the confidentiality, integrity, availability, and legality of information service operations and information assets are protected.

We have published an Information Security White Paper to fulfill the above commitments and have additionally established a Product Security Incident Response Team (PSIRT). The PSIRT is responsible for handling information security incidents related to our products and services, including monitoring, assessing, mitigating, and publicly reporting on the security status of our products.

Information Security Management Certification

Having obtained international certification for ISO 27001:2013 information security management, we comply with ISMS 2013 specifications. Our Information Security Policies serve as the framework, with 14 management procedures covering various aspects such as access control, communication security, system development and maintenance, information security incident management, operational continuity management, and operational safety management. We undergo regular or intermittent audits from internal and external security review executives annually, conduct systematic data backup and disaster prevention drills, and periodically conduct information security attack drills and employee education and training to ensure the quality of service provided to ThroughTek’s customers.

Personal Privacy Information Protection Policy

We adhere to a clear Privacy Protection Policy concerning personal privacy information protection. This Policy describes the information collected when users utilize ThroughTek products and services, browse the website, or fill out forms. It outlines the content, reasons, and methods for collecting and using private information and ensures legal and reasonable limits for browsing, transmitting, retaining, and disclosing users’ personal information. This approach guarantees that users understand the personal information collected and their associated rights and interests comprehensively.

Cloud Maintenance and Security Protection

All servers are equipped with firewalls to comprehensively implement ISMS 2013 information security management measures, specifically cloud server protection. The Cloud Operations Team (OP Team) ensures continuous 24/7 shift monitoring throughout the year. Moreover, our cloud infrastructure service providers have real-time monitoring mechanisms. Any abnormal operating conditions prompt immediate notification for inspection, confirmation, and reporting to uphold service efficiency and information security reliability for our customers.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. Like many websites, TUTK analyzes log file information and other data collected through cookies, web beacons, and other tracking technology, to collect information about your browsing behavior when you visit our website, including for example, your browser type, domains, page views, IP address, referring/exit pages, information about how you interact with our websiite’s webpages and with third-party links, traffic and usage trends on the service, etc. We use session cookies to keep you logged in while you use features of our websites; these disappear after you close your browser. We also use persistent cookies, which stay in your browser and allow us to recognize you when you return to our websites. We use this to remember your information so you will not have to re-enter it, to better understand how you use our website and products and services. In some of our email messages, we use a “click-through URL” linked to content on the Site. We track this click-through data to help us measure the effectiveness of our customer communications. We also use third-party analytics tools (including Google Analytics) to assist us with analyzing and improving our service. Most Internet browsers automatically accept cookies, but you may be able to change the settings of your browser to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you set your browser to reject cookies, parts of our websites may not work for you. Please note, depending on your type of device or browser, it may not be possible to delete or disable all tracking mechanisms on your device.