IEI Integration Corp. (IEI) develops the Information Security Policy to strengthen information security management and ensure the confidentiality, availability and implementation of IEI information assets in order to provide an information environment for information business continuity. This policy complies with the relevant regulation requirements and prevents the deliberate or accidental threats from inside or outside of IEI.

1. IEI establishes the Information Security Management System (ISMS) in accordance with the concerns of "internal and external stakeholders." and the relevant government regulation requirements. To ensure confidentiality, availability and implementation of the information, the ISMS is designed to be used in the security management of operation of Server Room and maintenance of ERP system. The ISMS is already able to acquire information about the operation and management processes and meet all safety requirements and expectations.
    
2. The ISMS covers fourteen (14) management matters to prevent data misuse, leakage, tampering and destruction due to human error, deliberate revealing, natural disasters or other factors, resulting in possible risks and hazards to IEI.


3. Management matters are as below:
   • Information security policy
   • Organization of information security
   • Human resource security
   • Asset management
   • Access control
   • Encryption
   • Physical and environmental security
   • Operation security
   • Communication security
   • System acquisition, development and maintenance
   • Supplier relationship
   • Information security incident management
   • Information security aspects of business continuity management
   • Compliance

1. "Information Asset" means, the hardwares, softwares, services, documents and people that maintain IEI information business operation.


2. "Information environment for business continuity management" means, the computer operating environment that maintain IEI business operation.

IEI will maintain the confidentiality, integrity and availability of IEI information assets, and protect user data privacy with the concerted efforts of all colleagues to accomplish the following objectives:

• Protect IEI's business activity information from unauthorized access.
• Protect IEI's business activity information from unauthorized modifications, and ensure the information is correct and complete.
• Establish an inter-departmental information security organization to develop, promote, implement, evaluate and improve the information security management, and to ensure that IEI has an information environment for business continuity.
• Implement information security education and training, promote staff awareness, and enhance their knowledge on related responsibilities.
• Implement information security risk assessment to improve the effectiveness and timeliness of information security management.
• Implement information security internal audit system to ensure the implementation of information security management.
• Business activities of IEI shall comply with the requirements of the relevant 
  Act or regulations.

1. IEI managers established and reviewed this policy.


2. IEI information security administrators implemented this policy through appropriate standards and procedures.


3. All staff and outsourcing vendors are required to follow the relevant safety management procedures to meet the requirements of this policy.


4. All staff of IEI has a responsibility to report any information security incidents and identified vulnerabilities.