Information Security
Information technologies are constantly evolving, and new methods of information transmission are continuously being developed. The trust and loyalty that customers have towards the Company may be affected if information security loopholes are abused by hackers, leading to customers information being leaked. Additionally, the Company may be fined or face other legal consequences under laws and regulations, affecting the Company's external corporate image and business reputation. By managing information security risks and adopting the appropriate measures, we can effectively reduce the amount of financial damage and legal risks facing the Company, as well as maintain the Company's corporate image and business reputation. At the same time, doing so allows us to avoid causing negative external influences, positively influence our economic, community, and business partners, as well as protect the rights of the Company and our customers.
Thus, Brogent has continued to tirelessly refine our information security governance, and improve our ability to protect information security. Our IT department is responsible for our information security, and we have assigned dedicated information security personnel pursuant to the Information and Communication Security Guide for Exchange-Listed and OTC-Listed Companies. These employees are responsible for establishing the Company's information security policies, planning information security measures, and implementing related information security work in order to ensure that the Company's confidential information, business secrets, and personal information are adequately protected.
Information Security Measures
Information Security Risk Levels
Improve Information Security Prevention Awareness
Brogent regularly prepares annual plans for information security drills and prevention awareness training. The heads of the IT Department, Audit Office, each of our departments, and the Chairman all attend this planning meeting, which also discusses and reviews results from the information security prevention phishing drills. Brogent also provides all new employees with training on information security policies. Apart from holding annual education and training courses on information security prevention awareness, we also provide additional training on risk identification for those employees discovered to have taken medium or high risk actions during the phishing drill. After these courses, employees are required to complete an information security awareness test designed based on the examination standards for the telecommunications industry, the types of business operations that the Company engages in, our business environment, and our corporate culture, in order to determine the effectiveness of the education and training provided. In 2022, 100% of employees who took these education and training courses scored full marks on this test.
Customer Privacy
Each year, Brogent uses internal training and education to improve employee awareness on protecting confidential private customer information. We use and protect customer information strictly pursuant to the agreement signed with our customers, and our Legal Department provides our marketing team with advice on how customer information may be disclosed pursuant to the provisions and disclosure scope provided in these agreements after a legal review, before any customer information is used for external marketing and promotion. Should any of our customers discover that their private or confidential information has been leaked, they may file a complaint or report through our official website (https://www.brogent.com/en/contact-us.html). In 2022, we have received no customer reports of their privacy rights being violated, or of their confidential information being disclosed.
Personal Data Protection
In order to ensure the Company's information security, Brogent has established the Rules for Reporting Information Security Issues, allowing all employees to report information security issues timely. Employees may report issues through email or verbally, but records need to be made for each report, and Company supervisors made aware of reported issues. At the same time, we have planned to hold drills in the first half of 2023 in order to effectively respond to information security incidents, as well as to help our employees become more familiar with how to report information security incidents and implement response measures.
