Announcement Date: January 1, 2025
Information Security Policy
1. Information Security Policy Statement
The Information Security Policy of Smart Group Solutions Corp. (hereinafter referred to as “the Company”) is: “Make effective use of information, maintain continuous business operations, and ensure the security of information processing.”
2. Purpose
Recognizing that information security is fundamental to the stable operation of all services, this Information Security Policy (hereinafter referred to as “this Document”) is established to ensure the Company fulfills its mission of implementing sound information security practices. This Document serves as the highest guiding principle for the Company’s Information Security Management System (ISMS).
3. Objectives
The Company’s information security objectives are to ensure the confidentiality, integrity, availability, and compliance of its internal core systems. Quantitative indicators for measuring information security performance shall be defined according to organizational levels and functions to verify the implementation status of the ISMS and the achievement of its objectives.
3.1 Confidentiality: Prevent the disclosure of any sensitive Company information to the internet.
3.2 Integrity: Ensure the accuracy of sensitive Company data (e.g., financial information, personnel data, system information).
3.3 Availability: Ensure proper backup of all critical data held by the Company.
3.4 Compliance: Comply with relevant laws and regulations of Taiwan (e.g., Personal Data Protection Act, Trade Secrets Act, and intellectual property laws) to prevent infringement of the rights of the Company or third parties.
4. Scope
This policy applies to the entire Company. To ensure the effective operation of the ISMS, the Company shall establish clear information security organizational structures, responsibilities, and authorities to promote and maintain management, implementation, and audit-related activities.
5. Implementation Principles
The implementation of the ISMS shall follow the Plan-Do-Check-Act (PDCA) cycle, ensuring effectiveness and continuity through an iterative and progressively refined approach.
6. Review and Evaluation
6.1 This Document shall be reviewed at least once a year, taking into consideration the latest developments in laws and regulations, technological changes, stakeholder expectations, business activities, internal management, and available resources to ensure the effectiveness of information security operations.
6.2 This Document shall be revised based on review results and shall take effect only after approval and issuance by the Information Security Management Committee or its authorized representative.
6.3 Upon establishment or revision, this Document shall be communicated to relevant stakeholders—including employees, suppliers, customers, and external auditors—through appropriate methods such as email, website announcements, or printed copies.