Operation and Governance
Information Security Management
Effective cybersecurity management is fundamental to all operations. To ensure consensus on cybersecurity goals, USI set up a committee to boost cybersecurity awareness. The committee is composed of the CIO, CFO, GISO, and Vice Presidents or Division heads and above; the CIO shall report to the Senior Vice President of the Administration Group. Under the committee, information security representatives assist the Information Security Committee in implementing cybersecurity affairs. USI obtained ISO 27001:2013 certification, and cybersecurity management is further implemented across the USI Group.
Cybersecurity Goals
USI's cybersecurity objectives are to preserve the Confidentiality, Integrity, Availability and Compliance of the core systems engaged in business operations. Additionally, quantitative goals are defined according to organization level and job function to ensure that the Information Security Management System implementation and the cybersecurity objectives are achieved.
1. Protect USI's important information assets, including USI and customer products, manufacturing processing information and recipes, R&D information, and services, and maintain their confidentiality, integrity, and availability.
2. Strengthen USI employees' awareness of their responsibilities to protect the company's and customers' information assets.
3. Ensure that the execution of all business complies with the requirements of relevant laws and regulations.
4. Construct a safe and convenient information network environment to protect employees from internal and external cybersecurity threats.
5. Establish a cybersecurity sustainability plan to ensure business contingency.
6. Assess the existing cybersecurity level in depth and enhance the maturity of the entire cybersecurity management.
Cybersecurity Advocacy and Training
Through regular announcements, employees are required to follow network cybersecurity regulations and use legal software. IT also conducts Social Engineering exercises (Phish Insight) at irregular intervals to enhance employees' cybersecurity awareness. The IT Department spot-checks for illegal use of software; any illegal cases will be punished according to regulations. USI arranges an online training course to strengthen employees' cybersecurity thinking. All employees should take cybersecurity courses and pass the tests. The cybersecurity training completion rate was 100% in 2022.
IT members need to take professional training courses and be certified, to ensure that our cybersecurity organization is effective and can systematically resolve cyber incidents. USI had no cybersecurity incidents in 2022.
TISAX Information Security Policy
Information security is the foundation for maintaining the secure operation of various services. To ensure that Universal Scientific Industrial (Shanghai) Co., Ltd. can develop and sustain a competitive advantage, and to fulfill the mission of information security, the TISAX Information Security Management Manual is formulated as an overview of the information security management system established based on the requirements of TISAX standards.
The implementation of the TISAX Information Security Management System should follow the Plan-Do-Check-Adjust cycle model, with a spirit of continuous improvement and gradual progress, ensuring the effectiveness and sustainability of information security. The TISAX Information Security Management System should be implemented based on the scope, following a systematic and progressive approach.
The complete TISAX information security policy is detailed in the following management measures: