Corporate governance

1. Information Security and Risk Management Architecture.

◆The Company has an Information Security Committee which regularly reviews its security policies and reports to the Board of Directors on the information security and risk management situation to assist their supervision and management of the Company's operations.

◆Duties and responsibilities of the Information Security Management.

1. Appointment：

       1) The Chairman of the committee is the Company President.

       2) In order to strengthen the information security management system,the position of the management representative is appointed by the

           Company President and is appointed to the Senior Director of the IS/IT Department.

          The effectiveness of the implementation is regularly reviewed.

       3) Executive members are served by the heads of each department.

2. Authority and Responsibilities：

       1) Chairman：Supervise the establishment of "Information Security Management System" in all units of the company.

       2) Management Representative：

           A. Responsible for the execution of the company's Information Security Management System.

           B. Report to the company's management or the Chairman of the Committee on the implementation of

               the company's Information Security Management System.

           C. Coordinate with various internal departments on the implementation of Information Security Control.

       3) Executive members：

           A. Responsible for the establishment, promotion and implementation of the department's systems.

           B. Supervise the establishment of an "Information Security Management System" for the core business of the department.

2. Information Security Policy.

　◆Security regulations and measures must be in place for information related to Chilisin’s new business activities.

　◆All information assets are used for the company's business needs only and are not to be used for any other purposes.

　◆Information assets are not to be used for illegal activities.

3. Specific Management Plan.

　◆The company is equipped with advanced network defense systems, anti-virus software, data backup and other security measures.　

   ◆Frequently, the IS/IT departments analyses the external security incidents,

      and update the internal systems to enhance system security and protection.　

    ◆Strengthen the company staff’s information security crisis awareness and host regular annual Information security training and education courses.