Solutions
About Us
ESG
Investors
Contact Us
Careers
Subsidiary
×

Corporate Governance

Purpose

To ensure the confidentiality, integrity, and availability of the information assets of JPC International Co., Ltd. (hereinafter referred to as “the Company”), comply with regulatory requirements, and prevent internal and external threats, the Company hereby establishes this policy.

Scope of Application

This policy applies to all employees, outsourced service providers, data users (including custodians), and visitors.
The scope of information security management covers four major areas: organization, personnel, physical, and technical.
It aims to prevent improper use, leakage, alteration, or destruction of data caused by human error, intentional acts, or natural disasters, which may pose potential risks to the Company’s information security.

Goal

  • To maintain the confidentiality, integrity, and availability of the Company’s information assets, this policy is implemented with the following objectives:
  • Establish a secure and reliable information environment to ensure the safety of Company data, systems, equipment, and networks, thereby safeguarding business continuity.
  • Protect the security of Company services by ensuring access is restricted to authorized personnel, maintaining confidentiality.
  • Prevent unauthorized modifications to ensure accuracy and integrity.
  • Establish business continuity plans to ensure uninterrupted operations.
  • Ensure compliance with information security guidelines for listed companies and related regulations.
  • Protect personal data associated with Company services from theft, alteration, damage, loss, or leakage caused by external threats or improper internal management.
  • Ensure compliance with applicable laws and regulations (e.g., Criminal Code, National Secrets Protection Act, Patent Act, Trademark Act, Copyright Act, Personal Data Protection Act, etc.).

Strengthening Joint Information Security Defense

To enhance the application and exchange of information and communication security technologies, JPC joined TWCERT/CC and the Taiwan Cybersecurity Supervisors Alliance (Taiwan CISO Alliance) this year.

TWCERT/CC Crisis Management and Coordination Center and Taiwan CISO Alliance Defense Priorities:

International Cybersecurity Incident Joint Prevention

Transnational Cybersecurity Intelligence Exchange

Corporate Cybersecurity Notification and Referral

Intelligence Gathering and Cybersecurity Promotion

CISO PDCA
CISO PDCA
Company Information Security Organizational Structure
JPC connectivity Inc. 2025 Information Security Committee Agenda Summary
Meeting Dates: April 28, 2025 - August 7, 2025

Main Responsibilities:

  1. Approve and issue the JPC Group “Information Security Policy” and management procedures.
  2. Conduct information asset risk assessments — meetings to determine acceptable risk levels.
  3. Hold the 2025 Management Review Meeting.
  4. The Company regularly reports to the Board on the implementation of information and communication security measures; the most recent report was submitted on November 4, 2025.

In fiscal 2025, 3 meetings were held.
As of August 7th, the average attendance rate was 100%.

Information Security Management System

The Company’s Information Security Management System (ISMS) follows the continuous improvement PDCA cycle model established by the International Organization for Standardization (ISO), integrating and strengthening the security framework into a systematic, documented management mechanism.
Through ongoing monitoring and performance reviews, the Company ensures effective information security management and business continuity, protecting the confidentiality, integrity, and availability of information assets, while complying with relevant laws and regulations.
This safeguards the rights of employees and customers and achieves the following goals:

  1. Implement the information security policy.
  2. Ensure regulatory compliance.
  3. Strengthen incident response capability.
  4. Cultivate information security expertise among staff.
  5. Achieve measurable effectiveness in information security management.
JPC obtained ISO/IEC 27001:2022 certification for its information security management system in September 2025. This reflects JPC's continued efforts and commitment to improving information security performance in the field. To ensure the company implements the ISO 27001 management mechanism, a recertification process is conducted every three years to maintain the validity of its ISO 27001 certification.

Personal Data Protection Management Measures
JPC issued its Personal Data Protection Management Measures in November 2025.

Scope of Application of these Management Regulations:
The company's directors, managers, all employees, clients, suppliers, consultants, service providers, and third-party personnel who have business dealings with the company.
Responsible Departments:
Human Resources & Administration / Information & Communications / Sales / Purchasing / Finance & Accounting / Legal / Auditing

Employee training in 2025 (A total of 7 legal and cybersecurity education and training sessions were held)
1290 person-times; Training hours 1683 hours.

2025 Cybersecurity Data Statistics
Pass Rate

89%

Semiannual Drills: Once every 6 months

Execution Rate

98%

Critical System Service Availability

Execution Rate

1 HR / Quarter

InfoSec Awareness Training

Execution Rate

Once per Year

Vulnerability Scanning

Execution Rate

Once per Year

Backup and Recovery Drills

Password Policy Compliance Rate

100%

Password Compliance

Certificate Obtained

27001:2022

Taiwan/Mainland China/Vietnam

ISO 27001(TW)
ISO 27001(EN)
ISO 27001(VN)
ISO 27001(CH)
mail to JPC
go top