
Operation and Governance
Information Security Management
Effective cybersecurity management is fundamental to all operations. To ensure cybersecurity goal consensus, USI sets up a committee to boost cybersecurity awareness. The committee members are composed of the CIO, CFO, GISO, Vice Presidents or Division heads level above. The CIO reports to the Senior Vice President of the Administration Group. Under the committee, there are information security representatives who implement cybersecurity affairs. USI obtained ISO 27001 certification in 2020 and Zhangjiang Facility passed TISAX (Trusted Information Security Assessment Exchange) certification in 2023, which provides excellent evidence about the maturity of cybersecurity governance.

Cybersecurity Goals
USI's cybersecurity objectives are to ensure the preservation of Confidentiality, Integrity, Availability and Compliance of the core systems engaged in business operations. Additionally, quantitative goals are defined according to organization level and job function to ensure the achievements of the Information Security Management System implementations and cybersecurity objectives.
1. Protect USI's important information assets, including USI and customer products, manufacturing processing information and recipe, R&D information, services, and maintain their confidentiality, integrity, and availability.
2. Strengthen USI employee's awareness of the company's and customer's information asset protection responsibilities.
3. Ensure that the execution of all business comply with the requirements of relevant laws or regulations.
4. Construct a safe and convenient information network environment to protect employees from internal and external cybersecurity threats.
5. Establish a cybersecurity sustainability plan to ensure the business contingency.
6. In-depth assess existing cybersecurity level and enhance the maturity of entire cybersecurity management.

Cybersecurity Advocacy and Training
USI has made an Information Security Policy and established a Security Operation Center to increase cybersecurity protection. Through regular announcement to improve employees' risk identification ability. IT also irregularly practices Social Engineering (Phish Insight) to enhance employees' cybersecurity awareness. The IT Department spot-checks illegal use of software, any illegal cases will be punished according to regulations. USI arranges an online training course to strengthen employees' cybersecurity thinking. All employees should take Cybersecurity courses and pass tests. Cybersecurity training completion rate was 100% in 2023.
The company continues to steadily enhance resilience of information security defense to provide reliable products and services for customers. Until the end of 2023, USI had no major cybersecurity incidents.
TISAX Information Security Policy
Given that information security is the foundation for maintaining the security operation of various services, and to ensure that Universal Scientific Industrial (Shanghai) Co., Ltd. has the ability to develop and sustain a competitive advantage, and to fulfill the mission of information security, the TISAX Information Security Management Manual is formulated as an overview of the information security management system established based on the requirements of TISAX standards.
The implementation of the TISAX Information Security Management System should follow the Plan-Do-Check-Adjust cycle model, with a spirit of continuous improvement and gradual progress, ensuring the effectiveness and sustainability of information security. The TISAX Information Security Management System should be implemented based on the scope, following a systematic and progressive approach.
The complete TISAX information security policy is detailed in the following management measures: