Precision Governance|Information Security
Nuvoton actively explores new markets, continuously maintains the profitability of the company's operations, and invests in strategic patent layouts. To ensure integrity in management and compliance with laws, it constantly monitors domestic and international policies and emerging risks that may affect the company. It regularly promotes the core values of integrity in management, establishes a robust corporate culture, and develops a sustainable new situation.
Integrity management education and training: 100%
EPS: NTD 5.77
Accumulated approved patents globally: 4954 patents
Information Security
Nuvoton has established the "Nuvoton Security Policy" and "Information Security Management Measures" to create a secure information management system and implement control measures. This ensures a safe information environment, protecting company and customer data from theft, cybercrime, industrial espionage, or other threats. Confidentiality agreements with partners and customers prevent unauthorized disclosure of sensitive information. Regular internal security audits ensure effective control measures. To reduce overall information security risks, Nuvoton enhances employee awareness with monthly security promotions and quarterly social engineering training.
In December 2022, Nuvoton established a dedicated information security unit and appointed a supervisor to oversee information security-related operations and ensure the effectiveness of the company's information security and risk management mechanisms. To assure our customers of secure collaboration with us, Nuvoton Taiwan launched an ISO/IEC 27001 information security management system project in September 2023. This project organization is supervised by Nuvoton's president, vice presidents of various business groups, and center supervisors, with related unit supervisors and colleagues forming project teams. Actively implementing the information security management system, Nuvoton Taiwan completed "information asset inventory," "business continuity exercises," "risk identification and improvement," and "information security control mechanisms" in 2023.
Additionally, in terms of product safety, Nuvoton Taiwan has passed the ISO/IEC 15408 Common Criteria certification by the international security organization, proving that its production process complies with international standards for reliable security products, thus protecting customer information and assets. Facing the increasing threat of cyberattacks and the use of more complex and advanced attack methods, Nuvoton Taiwan has evaluated the implementation of Endpoint Detection and Response (EDR) solutions to enhance its monitoring and protection capabilities against hacker activities and malicious attacks. This aims to accelerate threat detection and automated response mechanisms, analyze potential hacker activities, improve the efficiency of investigating and tracking hacker activities, and comply with information security control trends and compliance requirements. After the EDR solution selection and functionality verification were completed, a phased implementation and deployment plan was carried out to gradually strengthen the group's overall defense-in-depth architecture and the breadth and depth of threat detection, as well as to improve the mechanism and speed of response to hacker attacks. Nuvoton Japan's EDR endpoint protection solution was completed in 2023.
2023 Information Security Risk Control Measures
Item | Specific Measures | Effectiveness in 2023 |
---|---|---|
Enhancing Staff Awareness of Information Security | | NTC, NTCJ |
Information Security Monitoring and Handling of Anomalous Events | | |
Weakness and Vulnerability Management | | |
Identity Access Control | | For the information daily report on cloud login and remote access, analysis and investigation were conducted on unregistered devices and attempted login behaviors. No major incidents occurred in 2023 |
Physical Security Protection | Access to different areas is restricted based on employee roles, requiring the use of access cards for identity verification when entering each designated area | |
Code Security | | |
Email security | | |
Information security education and training
Company | Personnel type | Training Topics | Content | Frequency | Total training hours | Training Completion Rate |
---|---|---|---|---|---|---|
NTC | General personnel | General Information Security Awareness | 12 issues | Once a month | 4 | 100% |
NTC | General personnel | General Social Engineering Awareness | Understanding Phishing Emails and Social Engineering Techniques | Once a quarter | 4 | 97% |
NTC | General personnel | General Personal Privacy Protection | Personal Data Privacy Protection | Once a year | 1 | 100% |
NTC | Product security personnel | Product Security | Product Security Training | At least once a year | 6 | 100% |
NTC | Information security personnel | Product + General + Professional Courses | Information Security Technology and Related Regulations | At least once a year | 8 | 100% |
NTCJ | General personnel | Information Security Awareness | Familiarity with Information Security Risks and Risk Mitigation Measures | Once a year | 0.2 | 100% |
NTCJ | General personnel | Email Self-audit | Considerations when sending emails | Twice a year | 0.5 | 100% |
NTCJ | General personnel | Self-audit on the handling of "Company Mobile/Smartphones" | Implementation Overview and Issues | Once a year | 0.2 | 100% |
NTCJ | General personnel | Self-audit on the handling of "Laptop Computers" | Considerations for taking laptop computers out of the office | Once a year | 0.2 | 100% |
NTCJ | Information Security Promotion Committee members | New Member Training | Basic Status of Information Security Promotion | Once a year | 0.5 | 100% |
Customer Privacy Protection
With cybersecurity threats increasing, Nuvoton implemented the ISO/IEC 27001 Information Security Management System in 2023 to ensure the protection of customer privacy and prevent theft or leakage of trade secrets and intellectual property rights. In addition to regular internal control self-assessment audits, control points are established based on personnel, customer, and vendor data, with regular checks and records of control point execution. Annual review and audit operations are conducted to establish a comprehensive information security environment, aiming to prevent major incidents and penalties and maintain the reputation of the company and its customers.
Customer Privacy Protection Act
ISO 27001
Nuvoton Japan has published a privacy policy, which ensures that consent is obtained from customers and business partners when handling personal information. When receiving personal data from or providing it to third parties, Nuvoton Japan adheres to the Personal Information Protection Act.
Privacy Protection Laws and Regulations
ISO/IEC 15408 Common Criteria
NTCJ has also obtained ISO/IEC 15408 Common Criteria EAL 5+ product security certification in promoting its IC card business.