Cybersecurity
▋Management Policy
Shieh Yih Machinery formally established the “Information Security Team” in 2023 to oversee the planning, implementation, education, and promotion of information security policies, thereby enhancing the Company’s overall information security capabilities. The Team is dedicated to establishing and continuously optimizing security protection mechanisms, covering areas such as network security, endpoint devices, user activity monitoring, and data backups, in order to build a multi-layered, defense-in-depth framework. The structure of the Information Security Team is as follows:
The Information Security Team conducts regular cybersecurity training and social engineering awareness drills to enhance employees’ awareness and response capabilities to potential risks. Through meticulous planning and continuous improvement measures, the Company ensures that its information systems operate in a secure and stable environment, thereby fostering a reliable and resilient IT environment that supports the Company’s long-term sustainability goals.
▋Cybersecurity Measures and Achievements
▌Cybersecurity Measures
- Network Security Control
  - Implement firewalls to prevent external attacks.
  - Deploy Web Application Firewall (WAF) protection.
  - Prohibit non-company devices from accessing the Company’s internal network.
  - Manage and control internal Wi-Fi connection mechanisms.
- Endpoint Protection
  - Regularly update Windows systems and antivirus software signatures.
  - Control the use of USB drives and other external storage media.
  - Manage commercial software licensing and installation.
  - Conduct regular system vulnerability scans to identify potential risks.
- User Account Management
  - Manage employee accounts upon onboarding and resignation.
  - Enable multi-factor authentication (MFA) for employee accounts and promote a zero-trust architecture.
- Data Backup Management
  - Establish a comprehensive backup mechanism and perform daily backups.
  - Regularly conduct backup recovery drills and verify file integrity.
- Incident Response Measures
  - Conduct annual disaster recovery (DR) drills.
- Employee Information Security Management and Awareness
  - Provide monthly cybersecurity awareness programs.
  - Conduct annual social engineering drills to strengthen employees’ cybersecurity awareness.
▌Achievements of Information Security Management Plans and Resource Allocation
- No information security incidents occurred in 2024.
- Enhanced the Group’s remote data backup mechanisms.
- Strengthened the redundancy of the Group’s network equipment.
- Conducted two cybersecurity training sessions with an attendance rate of 96%.
- Delivered monthly cybersecurity awareness campaigns.
- Held regular social engineering drills, with 99% of employees meeting the required targets.
- Conducted regular disaster recovery (DR) drills.
- Performed regular system vulnerability scans.
- All information security personnel completed 16 hours of external cybersecurity training annually, achieving a 100% completion rate.
▌2025 Cybersecurity Plan
- Network Security Management: Strengthen firewalls and Web Application Firewall (WAF) protections to prevent external intrusions, while strictly managing internal network and Wi-Fi authentication mechanisms to prohibit non-company devices from accessing the corporate network.
- Endpoint Protection: Regularly update operating systems and antivirus software, restrict the use of external storage devices, and enhance the management of licensed commercial software and system vulnerability scans.
- Account and Access Management: Establish robust account lifecycle management processes for employees, fully implement multi-factor authentication (MFA), and promote a zero-trust architecture to mitigate risks.
- Data Backup and Recovery: Perform daily backups and regularly validate the accuracy and recoverability of backup files to ensure data continuity.
- Incident Response and Drills: Conduct annual disaster recovery (DR) drills to strengthen emergency response capabilities.
- Employee Cybersecurity Awareness: Continue monthly cybersecurity awareness programs and conduct annual social engineering drills to reinforce employees’ security awareness and response capabilities.
Shieh Yih remains committed to implementing its information security policies to the highest standards, ensuring stable business operations and safeguarding customer data.