Operation and Governance
Information Security Management
Effective cybersecurity management is fundamental to all operations. To ensure cybersecurity goal consensus, USI sets up a committee to boost cybersecurity awareness. The committee members are composed of the CIO, CFO, GISO, Vice Presidents or Division heads level above. The CIO reports to the Senior Vice President of the Administration Group. Under the committee, there are information security representatives who implement cybersecurity affairs. USI obtained ISO 27001 certification in 2020 and Zhangjiang Facility passed TISAX (Trusted Information Security Assessment Exchange) certification in 2023, which provides excellent evidence about the maturity of cybersecurity governance.
Cybersecurity Goals
USI's cybersecurity objectives are to ensure the preservation of Confidentiality, Integrity, Availability and Compliance of the core systems engaged in business operations. Additionally, quantitative goals are defined according to organization level and job function to ensure the achievements of the Information Security Management System implementations and cybersecurity objectives.
1. Protect USI's important information assets, including USI and customer products, manufacturing processing information and recipe, R&D information, services, and maintain their confidentiality, integrity, and availability.
2. Strengthen USI employee's awareness of the company's and customer's information asset protection responsibilities.
3. Ensure that the execution of all business comply with the requirements of relevant laws or regulations.
4. Construct a safe and convenient information network environment to protect employees from internal and external cybersecurity threats.
5. Establish a cybersecurity sustainability plan to ensure the business contingency.
6. In-depth assess existing cybersecurity level and enhance the maturity of entire cybersecurity management.
Cybersecurity Advocacy and Training
USI has made an Information Security Policy and established a Security Operation Center to increase cybersecurity protection. Through regular announcement to improve employees' risk identification ability. IT also irregularly practices Social Engineering (Phish Insight) to enhance employees' cybersecurity awareness. The IT Department spot-checks illegal use of software, any illegal cases will be punished according to regulations. USI arranges an online training course to strengthen employees' cybersecurity thinking. All employees should take Cybersecurity courses and pass tests. Cybersecurity training completion rate was 100% in 2023.
The company continues to steadily enhance resilience of information security defense to provide reliable products and services for customers. Until the end of 2023, USI had no major cybersecurity incidents.
Information Security Policy
Universal Scientific Industrial Co., Ltd., and its subsidiaries (USI or the Company) acknowledge that our clients entrust us with their most critical technological and operational needs. To uphold this trust and deliver uncompromising reliability, this Information Security Policy establishes our commitment to maintaining secure, resilient, and continuously available services.
We commit to:
- Protecting client data through enterprise-grade security controls to prevent unauthorized access, tampering, or disruption.
- Ensuring service continuity via proactive risk management and business continuity measures.
- Complying with global standards (e.g., ISO 27001, TISAX) to meet and exceed client and regulatory expectations.
- Promoting transparency through regular reviews and enhancements to our security posture.
By implementing this policy, USI reaffirms its dedication to operational excellence, enabling clients to rely on our services with confidence.
The complete information security policy is detailed in the following management measures:
