Important Corporate
Documents

I. About Major Internal Policy:

      ■Articles of Incorporation (English version)

      Regulations Governing of Making Endorsements/Guarantees

      ■Regulations Governing of Loaning of Funds

      ■Regulations Governing for the Acquisition and Disposal of Assets

      ■Code of Conduct for Suppliers

      ■Regulations Governing Management of Transactions with Related Parties      

II.  About Board of Directors, Shareholders' Meeting Policy:

      ■Procedures for Election of Directors (English version)

      ■Regulations Governing the Procedures for Board of Directors Meetings (English version)

         Rules Governing the Scope of Powers of Independent Directors

      ■Procedures for the Board of Director's Performance Evaluation

      ■Rules of Procedure for Shareholders' Meetings (English version)              

III. About Functional CommitteePolicy:   

       Remuneration Committee Charter

       Audit Committee Charter  

IV. About  Corporate Governance Policy:

      ■Principle for Ethical Corporate Management Best Practice and Guidelines for Codes of Ethical Conduct

      ■Ethical Corporate Management Best Practice Principle

      Corporate Governance Best-Practice Principles

      Procedures for Evaluating the CPA's Independence and Competency

         Regulations Governing Procedure for Whistle-blowing

V. Promotion of the Prevention of Insider Trading:

       The Company carries out educational promotion on new directors and managerial officers within 3  months of their appointment. Educational promotion of the “Procedures for Handling Material Inside Information and Management of the Prevention of Insider Trading” and applicable laws and regulations shall be carried out on current directors, managerial officers and employees at least once a year. For applicable operational procedures, please refer to Procedures for Handling Material Inside Information and Management of the Prevention of Insider Trading.

     

      The Corporate Governance Best Practice Principles" have been revised, specifying that insiders of the Company (including directors) shall not engage in trading their stocks from the date of receiving the Company's financial report or related performance information, during the 30 days prior to the announcement of the annual financial report and the 15 days prior to the announcement of each quarterly financial report. The schedule of Board of Directors meetings will be prearranged, and notify internal individuals (including directors) that trading of the company's stocks is prohibited during the Lock-up Period period.

     

      The Company carried out the educational promotion of the “Material Inside Information and Management of the Prevention of Insider Trading” on the current 11 directors for a total of 84 training hours, the content of the course includes promotion regulations of insider trading and related legal responsibility. Please refer to the Market Observation Post System for the name of the course. the Company carried out the education and training of the “Operational Procedures for Material Inside Information and Management of the Prevention of Insider Trading” on the employees with a total of 1108 employees taking part for a total of 1550 training hours.

VI. Information security management policy:

    In terms of information security management policy, the Company has established the “Procedure for    Information Operations Management” and set up an information security organization according to the       procedures. The “Information Technology Division” is currently the information security organization which is responsible for relevant measures such as the establishment and implementation of information security policies, safety notification and emergency planning for disaster response and recovery, and immediately report the current situation to Deputy General Manager of the General Management Office and General Manager of the Group when necessary.

   In terms of the Company’s hardware devices for preventive measures on information security risk, apart from maintenance by the information technology department, the Company also annually signs maintenance    contracts related to servers and firewalls with manufacturers to ensure proper operation of hardware devices. 

   In terms of software devices, the Company’s monthly ERP system is inspected by the consultant company for system performance, necessary corrections, and update of anti-virus software and network control settings.

   For information related software and hardware devices, the Company has also established provisions such as the “Regulations Governing the Use of Computer Software”, “Application Procedures for Computer/System Accounts” and “Regulations Governing the Use of Computer Devices” to effectively manage the use of information resources, and effectively implement the reduction of information security risks through internal audit management. In addition, for the Company’s information security high-risk system, apart from the annual auditing on system authority and accounting of major systems including the “Supplier Payment”, “Customers’ Credit Management”, “Accounts Receivable” and “Accounting Management” by the internal unit - audit office, the Company also designate an external unit - “Risk and Control Services division of PwC Taiwan” to conduct annual inspections, in order to ensure no violations of the Company’s regulations and reduce security risk.

   Furthermore, the Company has also set up the “Regulations Governing the Protection of Personal Information” for the protection and management of personal information (hereinafter referred to as “personal info”) in accordance with relevant laws on personal information protection, in response to the risks of changes in information technology and operating environment. The applicable subjects and scope, authorities and      responsibilities of relevant units and personnel, the procedures for handling personal information, and         information security audit.

    With the fast development of information technology, the maintenance of information security is becoming more difficult. The Company’s security risks can only be controlled within the acceptable range of its operations by adhering to the management procedures and by reviewing and adjusting defects in operating    procedures when necessary in order to benefit the Company’s operations.

Back to Corporate Governance