Excellence in Governance|Information Security
Nuvoton always explore new markets actively, continuously maintaining the profitability of the company's operations, and investing in strategic patent layouts. To ensure integrity in management and compliance with laws, it constantly monitors domestic and international policies and emerging risks that may affect the company. It regularly promotes the core values of integrity in management, establishes a robust corporate culture, and develops a sustainable new situation.
100
%
Integrity management education and training
0.52
NTD
EPS
1984
Patents Granted
Accumulated approved patents globally
Information Security
Nuvoton has established the "Nuvoton Security Policy" and "Information Security Management Measures," and implemented control measures accordingly to maintain a secure information environment, protecting Nuvoton and customer information from theft, cybercrime, industrial espionage, or other forms of harm and loss. Confidentiality agreements are signed with manufacturers and customers to mutually protect sensitive data and prevent the improper disclosure of confidential information. Furthermore, the Company carries out yearly internal audits in accordance with its information security internal control system, convenes regular meetings to manage information security, where it reviews and monitors enhancements in information security operations, and routinely conducts risk assessments for both internal and external stakeholder topics, such as customers, suppliers, employees, and regulatory bodies.
In December 2022, Nuvoton Taiwan established the dedicated Information Security Department, and it was upgraded to a division-level organization and renamed as Information Security Division in March 2024. It is mainly responsible for the group's information security governance, enhancing employees'data security awareness and information security, preventing the leakage of sensitive information, strengthening data security defense and threat detection capabilities, and integrating internal and external resources to implement information security risk management, in order to ensure the information security resilience and continuous operation of the Nuvoton Group. In 2024, to ensure customers that can collaborate with us with confidence, Nuvoton Taiwan implement the new version of the ISO 27001:2022 international information security management system in response to customer requirements. Nuvoton Japan also upgrade the certification to the new version ISO 27001:2022 in 2024. Additionally, due to its involvement in IC card and automotive-related products, Nuvoton Japan has obtained ISO/IEC 15408 and ISO/SAE 21434:2021 certifications.
Information Security Risk Control Measures
Item | Specific Measures | Achievements in 2024 |
---|---|---|
Enhancing Staff Awareness of Information Security |
| Nuvoton Taiwan
Nuvoton Japan
|
Information Security Monitoring and Handling of Anomalous Events |
|
|
Weakness and Vulnerability Management |
| Nuvoton Taiwan
|
Identity Access Control |
|
|
Physical Security Protection Code Security | Access to different areas is restricted based on employee roles, requiring the use of access cards for identity verification when entering each designated area |
|
Code Security |
| Nuvoton Taiwan
|
Email security |
| Nuvoton Taiwan
Nuvoton Japan
|
Supplier information security management | Nuvoton Taiwan
Nuvoton Japan
| Nuvoton Taiwan
Nuvoton Japan
|
Customer Privacy Protection
With the increasing cybersecurity threats, Nuvoton has implemented the ISO/IEC 27001 Information Security Management System in 2023 to ensure the protection of customer privacy and prevent theft or leakage of trade secrets and intellectual property rights. In addition to conducting regular internal control self-assessment audits, control points are established based on personnel, customer, and vendor data, with regular checks and records of control point execution. Annual review and audit operations are conducted to establish a comprehensive information security environment, aiming to prevent major incidents and penalties and maintain the reputation of the company and its customers.
Customer Privacy Protection Act