ESG

ESG

Implementation Summary

Integrity business operations and specific implementation

2023 Annual Integrity Management Implementation Report    Report to the Board of Directors 2023.11.2

 

Principle

According to Article 16 (Organization and Responsibility) of the company's "Code of Integrity Management", the implementation of promoting corporate integrity management should be reported to the board of directors on a regular basis (at least once a year):

  1. Help integrate integrity and moral values ​​into the company's business strategy, and cooperate with the legal system to formulate relevant anti-fraud measures to ensure honest management.
  2. Regularly analyze and evaluate the risks of dishonest behavior within the business scope, and formulate plans to prevent dishonest behavior accordingly, and formulate business-related standard operating procedures and behavioral guidelines within each plan.
  3. Plan the internal organization, establishment and responsibilities, and establish a mutual supervision and checks and balances mechanism for business activities with higher risks of dishonest conduct within the business scope.
  4. Promotion and coordination of integrity policy publicity and training.
  5. Plan the reporting system to ensure its effectiveness.
  6. Assist the board of directors and management to check and evaluate whether the preventive measures established for the implementation of honest operations are operating effectively, and regularly evaluate the compliance status of relevant business processes and prepare reports.

 

Implementation Results

As of October 25, 2020, the Company has been audited and found no violations of integrity management, nor has it received any internal or external reporting letters or legal cases related to the Company's integrity management. Therefore, the Company has not violated corporate integrity in 2012. Relevant norms of the Integrity Business Code.

1. Established integrity management policies and plans

1.1 The company has established the "Code of Integrity Business Operations", "Integrity Business Operation Procedures and Conduct Guidelines" and "Corporate Governance Practice Code" to clearly standardize the integrity management policy and announced it to the public on May 14, 2010.

1.2 The company has stated integrity-related standards in the "Work Rules" and "Employment Contract", and has also established "Reporting Laws for Internal and External Personnel on Illegal (including Corruption) and Unethical Behavior", regarding operating procedures, The behavioral guidelines, education and training, disciplinary and complaint systems for violations, etc. all have clear and detailed regulations.

In addition, when entering the company's file system through BPM or remote connection, colleagues must first read the confidentiality clause before entering the file to ensure that each time the company's files are used, they have fulfilled their responsibility to inform colleagues.

1.3 The company's "Employment Contract" and "Working Rules" strictly regulate employees' business confidentiality and interest avoidance regulations. When employees engage in dishonest behavior, they will be punished according to the severity of the case and reward and punishment regulations.

2. Implemented honest management

2.1 The company has established an evaluation mechanism for suppliers and customers based on internal controls. The rights and obligations of both parties during the contracting process are detailed in it, and there are integrity clauses such as confidentiality clauses and non-bribery clauses.

2.2 The company designates the Operation Support Office as a dedicated unit for promoting corporate integrity management, and reports to the board of directors in the fourth quarter of each year.

2.3 The company has formulated "Reporting Regulations for Illegal (Including Corruption) and Immoral Conduct by Internal and External Personnel", provides timely and appropriate channels for statements or reports, and implements measures to prevent conflicts of interest.

2.4 The company has established an effective accounting system and internal control system. Internal auditors check the compliance with the preceding system according to the audit plan and report to the board of directors on a regular basis.

2.5 The company regularly provides promotional documents on honest management from the competent authorities to directors and supervisors, and organizes internal and external education and training including honest management content as appropriate. The company's rules and regulations and code of conduct will be explained when new members arrive or when new directors are elected. In 2011, relevant documents and teaching materials have been put into the Xiaoli Learning Machine, and online exams are conducted every year to confirm that trainees have truly understood the company's regulations and laws. If they fail, they will be given in-person education.

3. The operation of the company’s whistleblowing system

3.1 The company has "laws for reporting illegal (including corruption) and unethical behavior by internal and external personnel" and has designated responsible units to handle complaints. It also has a customer service hotline to accept feedback in accordance with the prescribed procedures.

3.2 The company's "Report Law for Internal and External Personnel on Illegal (Including Corruption) and Immoral Behavior" clearly defines the reporting process and review unit, and promises to keep the reporter and the attached evidence confidential.

3.3 The company's "Reporting Regulations on Illegal (Including Corruption) and Immoral Conduct by Internal and External Personnel" clearly stipulates that if the person being reported makes any threats or acts of retaliation against the person reporting the report, the company will also take action in accordance with relevant regulations. punish.

4. Strengthened information disclosure

The company has formulated various integrity management code systems and will disclose relevant information on the company's website for the public to review at any time.

5. If a company has its own code of integrity management in accordance with the "Code of Integrity Management for Listed Companies", please describe the differences between its operation and the stipulated code:None

6. Other important information that will help you understand the company's honest business operations:

The company complies with the Company Law, the Securities and Exchange Law, the Commercial Accounting Law and other laws and regulations related to business conduct as the basis for implementing honest operations.

 

Education Training

  1. New employees (including part-time and work-study students): The employment contract contains provisions related to integrity management, and the newcomers sign on the day they take up the job. 100% of new recruits joining in 2023 will sign.
  2. Integrity promotions are held for current employees (including senior managers, part-time and work-study students) every October, including online tests. In 2023, a total of 62 people passed the "Integrity Business Code Promotion Course", with a total of 31 people, and the training completion rate was 100%.
  3. Directors: Promote the company's integrity code and ethics to directors electronically or on paper every October, and are required to sign the "Statement on Complying with Integrity Management Policies." In 2023, all directors will sign a letter of commitment.

 

Report on the expected implementation of the integrity management policy in 2024

  1. Continue to amend the integrity management policy and other management measures in accordance with the law.
  2. Continue to educate directors, supervisors, managers and relevant employees on “Insider Trading Prevention”, “Integrity Management Operating Procedures and Conduct Guidelines”, “Ethical Code of Conduct”, and “Integrity Management Code”.
  3. Continuously check internal and external reporting mailboxes and investigate cases of dishonesty or immorality in accordance with the above methods and internal control systems.
  4. For specific positions such as procurement and R&D personnel, sign a separate commitment letter on confidentiality and integrity.
  5. In accordance with the provisions of the Code of Integrity Management, directors and senior managers are required to issue a statement of compliance with the Integrity Management Policy.

 

Developed an intellectual property management plan linked to operational goals

2023 Intellectual Property Management Plan  Report to the board of directors 2023.11.2

 

Policy

1. Based on the company's own product operation strategy, establish its own technology to create a niche and corporate value for the company beyond channel agency.
2. Respect the intellectual property of others and do not intentionally infringe on the rights of others.
3. Establish an intellectual property management mechanism to maintain the acquisition, protection, maintenance and utilization management of intellectual property in line with company expectations.
4. Share profits from commercialized intellectual property with developers, encourage employees to continue to maintain the spirit of innovation, and realize the company's vision and good ideas of the Communist Party of China.

 

Execute plan

  1. Enrich R&D talents and equipment
    Since 2014, the annual compound growth rate of the R&D budget has been 6.6%, which is much higher than the overall operating expense compound growth rate of 5.3%; the number of doctoral-level talents has increased from 1 to 4, and various precision testing instruments have been purchased to enrich the R&D strength.
  2. Focus on improving silver paste technology and developing related application products
    (1) Low temperature sintering silver paste
    (2) High thermal conductivity silver paste
    (3)Thermal interface material
    (4) Laser engraving/screen printing silver paste
    (5)Customized system-level assembly silver paste
  3. Implement patent protection
    (1) In line with the company's operational goals, analyze technology development trends and create a patent map to establish a complete layout, which can also be used as a basis for reporting infringement by opponents or conducting avoidance designs.
    (2) In order to protect R&D results, encourage colleagues to innovate, and implement the application and utilization of intellectual property rights, patent application and reward methods will be formulated.
    (3) Continue to track and update relevant regulations from time to time, participate in relevant domestic and foreign seminars and exhibitions, etc., to enhance colleagues’ R&D capabilities and patent quality.
  4. Implement trademark protection
    Adhering to the company's CIS corporate identification policy, we continue to maintain various existing trademarks and apply for trademarks in various countries according to market needs to protect our own brands.
  5. Implement business secret protection
    (1) The company has established "Integrity Management Operating Procedures and Conduct Guidelines" and "Working Rules", which clearly stipulate the organization and responsibilities of employees to abide by the confidentiality mechanism.
    (2) Our company personnel are strictly required to abide by the relevant operating regulations on intellectual property in the preceding paragraph, and shall not disclose the company's business secrets, trademarks, patents, works and other intellectual property that they know to others, and shall not inquire or collect information about the company that is not related to their duties. Intellectual property such as business secrets, trademarks, patents, and works. Relevant specifications are stated in the employment contract, which must be completed when employees join the company.
    (3) Use the professional information management system DMP to classify, manage and retain business secret documents, providing safe confidentiality protection and processes.
    (4) The company has established "Laboratory Management Measures" to clearly standardize laboratory access control and protect important secrets and information from leakage. It also encrypts, manages access rights, saves and reviews access records for various research and development documents. , strictly control the flow of information.
    (5) Manufacturers who regulate their dealings should sign an NDA to fulfill their confidentiality obligations.
    (6) Sign an "Employee Confidentiality and Non-Competition Agreement" with each R&D colleague for their respective projects to protect the confidentiality of each project.
    (7) The company has established an electronic research results retention system to fully digitize important research results and manuscripts to protect the company's intellectual property.
  6. Colleagues are prohibited from using other people’s intellectual property
    The company states in the employment contract that employees should declare that all creations they create during the employment period are their own creations and will not infringe on the intellectual property rights of others. They also agree to ensure that they respect the intellectual property rights of others. If there is any violation, Bear all legal responsibilities yourself.
  7. Promotion of Tongren Intellectual Property Management
    Regularly conduct relevant training to enhance colleagues’ understanding of intellectual property management.
  8. Intellectual Property Risks and Countermeasures
    (1) When uncontrollable intellectual property rights are infringed, or improper infringement accusations occur, and related litigation cases occur, the company has long-term cooperation lawyers and patent firms to address possible risks in patent litigation and licensing negotiations. Conduct evaluation and analysis, take safeguarding the company's interests as the highest principle, actively face litigation, and avoid litigation affecting product sales and development.
    (2) Regarding the risk management and control of confidential leakage, in accordance with the company's current information security policy and management plan, the main response measures are as follows: take immediate defensive measures and use system commands to perform reverse queries, and cooperate with relevant units to track the intruder's address , and immediately report the situation to the responsible person in charge for follow-up resolution and future improvement directions to strengthen and consolidate the protection of the company's business secrets and intellectual property rights.

 

Execution results

  • 2015/03 Formulated "Laboratory Management Measures"
  • 2016/10 Formulated "R&D Incentive Measures"
  • 2017/07 Imported the document management system DMP to manage and retain confidential documents
  • 2018/02 Imported D-Security original file protection system to encrypt confidential files and access records
  • 2018/11 Held a training course on legal introduction and case analysis of business secrets
  • 2021/06 Formulated "Integrity Business Operation Procedures and Conduct Guidelines"

 

Information security management execution report

2023 Information Security Management Implementation Report   Report to the board of directors 2023.11.2

Information security management strategy and structure:

  1. Information security risk management structure: The company has established an information security team to implement information security management. Its members include senior supervisors (manager level or above), engineering staff of the information team, and auditors of the audit team. They are responsible for supervision, maintenance, and auditing.  
  2. Information security team execution items:
    (1) Establishment and supervision of information security standards.
    (2) Execution and coordination of information security operations.
    (3) Information security emergency incident handling and supervision.
    (4) Review and improvement of information security incidents.
    (5) Implementation and audit of relevant information security matters.
    (6) Convene information security meetings regularly. ​
  3. The company's audit team is the audit unit for information security supervision. If deficiencies are found during the audit, the company will immediately require the audited unit to propose relevant improvement plans and submit them to the board of directors, and regularly track the improvement results to reduce internal information security risks.
  4. Information security work - adopt PDCA (Plan-Do-Check-Act) cycle management to ensure the achievement of reliability goals and continuous improvement.

 

Information security policy

In order to ensure the safe and stable operation of the company's information and communication operations, provide reliable information and communication services, and smoothly promote the company's various businesses, in line with the information and communication security management operations, the company's information and communication security policy will implement the following policy principles.
1. Take into account information security and convenience.
2. Avoid internal and external information security risks.
3. Ensure that the service is stable and available.
4. Achieve sustainable business operations. ​​

 

Specific management plan

In response to frequent information security incidents in recent years, the company has strengthened its management mechanism for various information systems and rules. The specific plans are as follows:
1. Formulate rules for the use of user equipment, separate and limit the use environment and Internet access permissions of personal equipment and company equipment, strictly prohibit unauthorized equipment from using the internal network, and require external storage devices such as flash drives to be tested before they can be used in the company Computer use.
2. Regularly perform virus scans and security updates on personal computers and information hosts, and perform vulnerability scans on the company's major information systems every year to patch security vulnerabilities.
3. Strengthen data backup frequency and off-site data storage.
4. Strengthen employee security concepts and regularly promote information security concepts and case sharing to colleagues through meetings, announcements, internal corporate websites, etc. If there are suspicious information and emails, please do not open them easily to avoid social engineering attacks. .
5. Join information security joint defense organizations and regularly participate in information security-related seminars. Through information security information sharing, information security information and protection knowledge can be improved at any time to avoid information silos and the development of protection loopholes. ​

 

Invest resources in information security management

The company continues to invest in information security, data protection, personal information protection and other related operations. The resource investment includes improving the security infrastructure of governance and technology, strengthening information security defense equipment, and education and training. The company's information security protection status is reviewed every year. , timely update information security protection equipment to optimize the protection effect. ​

 

Information security implementation results:

2023:
1. New personnel education and training and information security promotion, 12 items were implemented, with a completion rate of 100%.
2. Information system disaster recovery simulation drill, a total of 1 drill was performed, with a completion rate of 100%.
3. Quarterly information security promotion and specific information security promotion, implemented 5 times, with a completion rate of 100%.
4. Information security colleagues participated in the information security seminar twice, with a completion rate of 100%.

Expected promotion projects in 2024:
1. Information system disaster recovery simulation drill, once a year.
2. Quarterly information security promotion and important information security promotion, 4 times a year.
3. Information security colleagues participate in information security-related seminars or training twice a year.
4. Outsource the scanning and patching of host vulnerabilities to vendors.
5. Outsourced vendors conduct social engineering and information security protection drills.

Search

依據歐盟施行的個人資料保護法,我們致力於保護您的個人資料並提供您對個人資料的掌握。
按一下「全部接受」,代表您允許我們置放 Cookie 來提升您在本網站上的使用體驗、協助我們分析網站效能和使用狀況,以及讓我們投放相關聯的行銷內容。您可以在下方管理 Cookie 設定。 按一下「確認」即代表您同意採用目前的設定。

Manage Cookies

Privacy preferences

依據歐盟施行的個人資料保護法,我們致力於保護您的個人資料並提供您對個人資料的掌握。
按一下「全部接受」,代表您允許我們置放 Cookie 來提升您在本網站上的使用體驗、協助我們分析網站效能和使用狀況,以及讓我們投放相關聯的行銷內容。您可以在下方管理 Cookie 設定。 按一下「確認」即代表您同意採用目前的設定。

Privacy Policy

Manage preferences

Necessary cookie

Always on

網站運行離不開這些 Cookie 且您不能在系統中將其關閉。通常僅根據您所做出的操作(即服務請求)來設置這些 Cookie,如設置隱私偏好、登錄或填充表格。您可以將您的瀏覽器設置為阻止或向您提示這些 Cookie,但可能會導致某些網站功能無法工作。