Information Security

HomeCSRInformation Security

Information Security Policy

1. Purpose and Scope

Purpose :
To ensure the confidentiality, integrity, and availability of information assets belonging to Argosy Research Inc. (hereinafter referred to as the “Company”). This policy strengthens the Company’s information security management, safeguards information assets against intentional or accidental internal and external threats, and ensures the protection of data, systems, equipment, and networks.

Scope :
To maintain information security, the Company establishes relevant regulations, adopts technical and data security standards, and integrates them into the management system. This ensures the protection of privacy and information security for employees, suppliers, and customers during business interactions.Our company obtained ISO 27001:2022 cybersecurity certification in 2025.

ISO 27001 certificate

2. Information Security Risk Management Framework

The Company’s President convenes a cross-departmental Information Security Management Committee, led by the IT Department and Administrative Management Department. Business-related units coordinate execution to ensure the effectiveness of the Company’s information security operations.

  • The Committee is responsible for formulating and reviewing the Information Security Management Policy on a regular basis.
  • Regular meetings are held to review implementation, with annual reports submitted to the Board of Directors for evaluation.

3. Information Security Objectives

  • Ensure the continuous operation of the Company’s business activities and the stable availability of its information services.
  • Safeguard the confidentiality, integrity, and availability of the Company’s information assets, while protecting the privacy of personal data.

4. Information Security Control Measures

  • Establish and regularly update an information asset inventory, conduct risk assessments, and implement control measures accordingly.
  • Conduct monthly information security awareness sessions; all new employees are required to sign a Confidentiality Agreement.
  • All employees and contractors must sign a Non-Disclosure Agreement (NDA) to ensure accountability in handling the Company’s information assets, preventing unauthorized access, alteration, destruction, or improper disclosure.
  • Critical information systems or equipment must have proper backup and monitoring mechanisms, with periodic drills to ensure availability.
  • Personal computers must be installed with anti-virus software, with virus definitions regularly updated. The use of unauthorized software is strictly prohibited.
  • Employees are responsible for safeguarding and updating their accounts, passwords, and access rights on a regular basis
  • Establish a standard response and reporting procedure for information security incidents to ensure timely handling and minimize potential damage.
  • All personnel must comply with relevant laws, regulations, and Company security policies. Managers are responsible for supervising compliance and strengthening employees’ awareness of information security and legal obligations.
  • In accordance with the TWCERT/CC Association member requirements for reporting major incidents and personal data breaches, if a listed company experiences a major cybersecurity incident or major personal data breach, it must issue a material information announcement and carry out subsequent reporting procedures within 72 hours.

5. Information Security Awareness and Implementation

Year 2022: Yearly information security awareness sessions were conducted, total 235 hours.

Year 2023 : Yearly information security awareness sessions were conducted, total 218 hours.

Year 2024 : Yearly information security awareness sessions were conducted, total 222 hours.

Year 2025 : Yearly information security awareness sessions were conducted, total 267 hours.