
Empowerment and Accountability
Information Security Promotion Team Structure
To enhance the group's information security and corporate competitiveness, the "Information Security Promotion Team" was established in 2021, reporting to the Sustainability and Nomination Committee under the Board of Directors. The team is chaired by the Chief Information Officer (CIO) at the Vice General Manager level, who concurrently serves as the Chief Information Security Officer (CISO). Information security experts from across the group serve as team members, responsible for reviewing and formulating Information Security objectives and policies to prevent incidents that could compromise the group's information systems. Centering on information security and sensitive data protection is fundamental to the company's competitiveness and represents Merry Electronics' commitment to its customers, shareholders, and employees. Operational outcomes are reported annually to the Board of Directors and the Sustainability and Nomination Committee; a report was made to the Board of Directors on 12/26, 2024.
Key Aspects of Information Security Management
Management System and Certification Achievements
Taiwan Headquarters obtained its ISO 27001 Information Security Management System (ISMS) certification in 2021. Following the designation of 2022 as the foundational year for information security and the initiation of short-term, mid-term, and long-term information security plans, MECL and MEVN subsequently obtained ISO 27001:2013 certifications in 2022 and 2023, respectively. Taiwan Headquarters also successfully completed the ISO 27001 transition audit in December 2024, securing the latest ISO 27001:2022 certification. Future plans include promoting the implementation of information security management systems at overseas facilities and actively promoting security certification mechanisms for various group entities, implementing the core philosophy of "strengthening information security and ensuring sustainable operations".
Information Security Protection Technologies and Innovative Applications
To enhance information security monitoring and threat detection capabilities, Merry Electronics evaluated in 2024 the implementation of a Security Information and Event Management (SIEM) platform. This platform will integrate logs from diverse information security devices and system event data to establish comprehensive threat detection and real-time alerting mechanisms, thereby improving the information security team's response efficiency to potential threats. In response to the increasing complexity of information security threats, Merry Electronics is actively researching and considering the implementation of AI-driven information security applications, including: [Machine learning-based anomaly behavior analysis], [Automated threat intelligence analysis], [Predictive defense mechanisms]. Furthermore, Merry Electronics will plan for the in-house development of an AI cybersecurity bot, utilizing large language model technology combined with the company's proprietary cybersecurity knowledge base, to provide employees with 24/7 uninterrupted cybersecurity advisory services. This AI chatbot not only provides real-time and precise responses to daily information security operational inquiries but also effectively identifies employees' information security knowledge gaps and offers customized recommendations, thus becoming a crucial cornerstone for strengthening the corporate information security culture and an innovative highlight of the company's Digital Transformation and Information Security Governance.
Comprehensive Information Security Management Mechanism
The management procedures and security protection technologies for information security are applicable to all information operations. In the processes of information collection, processing, transmission, storage, and circulation, they ensure the confidentiality, integrity, and availability of information assets. Furthermore, they strengthen response capabilities to information security incidents by establishing operational procedures to mitigate or eliminate damages caused by such incidents and prevent future potential Information Security Incidents. Emphasis is also placed on enhancing proactive information security defense operations and the transformation and establishment of digitized information security, thereby achieving the protection of company, customer, supplier data, and personal data. Additionally, regular promotion and enhancement of information security awareness among all personnel are conducted to reduce human-induced information security risks.
Regular Evaluation and Continuous Improvement
Under the operation of the Information Security Management System, Merry Electronics regularly conducts [Business Impact Risk Assessments], [Internal Information Security Audits], and [Business Continuity Plan Exercises]. These measures ensure the continuous and effective operation of the Information Security Risk Management System. No major information security incidents occurred in 2024, demonstrating the effectiveness of existing protection mechanisms.