Information Security Policy Statement

[Preface] In the process of moving towards smart manufacturing and digital twins, information security is the cornerstone of sustainable corporate operations. To protect customer privacy, partner confidentiality, and maintain the company's high-quality services, this Information Security Policy is formulated to demonstrate public trust and for all colleagues to follow together.

1. Purpose

1.1 Victor Taichung Machinery Works Co., Ltd. (hereinafter referred to as "the Company") has formulated this policy specification to strengthen information security management and ensure the confidentiality, integrity, and availability of its information assets. This provides an information environment for the continuous operation of the Company's information business, complies with relevant laws and regulations, and protects it from internal and external deliberate or accidental threats.

2. Scope of Application

2.1 All units of the Company.

3. Definition

3.1 All Personnel: Company personnel and outsourced vendors.

4. Vision and Objectives

4.1 Information Security Policy Vision:

4.2 Based on the Information Security Policy vision, the information security objectives are formulated as follows:

4.2.1 Conduct information security education and training to promote personnel's information security awareness and strengthen their understanding of relevant responsibilities.

4.2.2 Protect the Company's business activity information from unauthorized access and modification to ensure its correctness and integrity.

4.2.3 Periodically conduct internal and external audits to ensure that relevant operations are effectively implemented.

4.2.4 Ensure that the Company's critical business systems maintain a certain level of system availability.

4.3 Performance Monitoring and Measurement:

4.3 For the aforementioned information security objectives, annual to-do lists, required resources, responsible personnel, estimated completion times, evaluation methods, and evaluation results should be formulated. Relevant monitoring and measurement procedures shall be handled in accordance with the Company's "Monitoring and Measurement Management Procedure Statement".

4.4 The Information Security Execution Team shall report the measurement results of the effectiveness of information security objectives to the convener of the Information Security Committee during the management review meeting.

5. Responsibilities

5.1 The Company's management establishes and reviews this policy.

5.2 The Information Security Execution Team implements this policy through standards and procedures.

5.3 All personnel must follow relevant security management procedures to maintain the Information Security Policy.

5.4 All personnel have the responsibility to report information security incidents and any identified vulnerabilities.

5.5 Any behavior that compromises information security will be subject to civil, criminal, and administrative liability depending on the severity of the circumstances, or punished according to the relevant regulations of the Company.

5.6 The Information Security Policy shall be communicated to internal and external personnel, and can be conveyed through internal announcements, the official website, email, etc.

6. Review

6.1 This policy shall be reviewed at least once a year to reflect the latest developments in government regulations, technology, and business, ensuring the Company's sustainable operations and information security practical operational capabilities.

6.2 The Information Security Policy shall be reviewed if major changes occur within the Company.