Innotech Fundamental Policy on Information Security

Introduction

Innotech was established as a semiconductor trading company which offer products with high technical expertise and we have been providing highly reliable and value-added solutions which include technical information. As we continue our business activities, the asset value of our information as well as the asset values of our physical IT system (collectively “Information Assets”) have become extremely high and we believe that properly maintaining our Information Assets and effectively utilizing them will help us obtaining even higher trust from our customers as well as gaining and maintaining our competitive edges.
Thus, under the purpose of creating and maintaining appropriate management scheme of information security, Innotech has devised the following “Fundamental Policy on Information Security”.
This Fundamental Policy on Information Security will be developed, maintained and managed under our Chief Information Security Officer (CISO).

Definition and Composition of Fundamental Policy on Information Security

Definition:

Fundamental Policy on Information Security sets our policy related to information security and all the employees from the top management to working level people are obligated to manage security of information and fulfill their responsibilities corresponding to their user profiles and authorities related to our Information Assets under this Policy. Also, a mechanism to manage information security which is indispensable and appropriate to fulfill such obligations and responsibilities will be established under this Policy.

Information Security-related Schemes

1. Management scheme

In order to ensure the effectiveness of this Policy, its execution and users’ compliance with the Policy need to be monitored. Also, to keep abreast with the management environment which keeps changing and the progress of IT technology, the Policy needs to be managed and updated by the Information Security Management Committee which is established under the CISO and such committee will continuously monitor, assess, and review the Policy to maintain and improve our information security.
Also, information security audit will be conducted periodically so that the appropriateness and the effectiveness of the Policy will be checked and evaluated.

2. Educational scheme

In order to ensure the effectiveness of the Policy, proper education and management scheme of the employees based on the Policy will be established. When the Policy is introduced, initial security training will be conducted and in addition to that, education for new employees will be offered and notifications of changes of the Policy will be provided, so that all the employees will share the same knowledge and understanding of the Policy at all times.

3. Compliance with legal requirements as well as with other related rules and standards

Innotech will comply with its internal rules and guidelines as well as applicable laws and regulations related to the handling of Information Assets.