Operation and Governance
Information Security Management
USI sets up Information Security Steering Committee to complete information security management. The committee members are composed of the CIO, CFO, GISO, Vice Presidents or Division heads level above. The CIO reports to the Senior Vice President of the Administration Group. Under the committee, there are information security representatives who implement cybersecurity affairs. The Information Security Division is responsible for the planning, construction, operation and maintenance of information security. The committee holds semi-annual meetings, information security representative reports the cybersecurity status to committee management team and provides guidance for cybersecurity strategies and implementation.
Information Security Goals Goals
USI believes effective information security management is fundamental to all operations and has been devoted to a holistic cybersecurity system enhancement through resources investment. USI's security goals are to ensure the preservation of Confidentiality, Integrity, Availability and Compliance of the core systems engaged in reliable services for customers.
We commit to:
• Protecting client data through enterprise-grade security controls to prevent unauthorized access, tampering, or disruption.
• Ensuring service continuity via proactive risk management and business continuity measures.
• Complying with global standards (e.g., ISO 27001, TISAX) to meet and exceed client and regulatory expectations.
• Promoting transparency through regular reviews and enhancements to our security posture.
Cybersecurity Advocacy and Training
USI conducts annual on-job training which focus on cybersecurity threats including Phishing Attack, Social Engineering, Password Security, Information Security and Device Safety. All employees should take Cybersecurity courses and pass tests. Cybersecurity training completion rate was 100% in 2024.
The company continues to steadily enhance resilience of information security defense to provide reliable products and services for customers. Until the end of 2024, USI had no major cybersecurity incidents.
Information Security Policy
Universal Scientific Industrial Co., Ltd., and its subsidiaries (USI or the Company) acknowledge that our clients entrust us with their most critical technological and operational needs. To uphold this trust and deliver uncompromising reliability, this Information Security Policy establishes our commitment to maintaining secure, resilient, and continuously available services.
We commit to:
- Protecting client data through enterprise-grade security controls to prevent unauthorized access, tampering, or disruption.
- Ensuring service continuity via proactive risk management and business continuity measures.
- Complying with global standards (e.g., ISO 27001, TISAX) to meet and exceed client and regulatory expectations.
- Promoting transparency through regular reviews and enhancements to our security posture.
By implementing this policy, USI reaffirms its dedication to operational excellence, enabling clients to rely on our services with confidence.
The complete information security policy is detailed in the following management measures:
