Cyber Security Risk Management Framework
EDT appoints the top manager of the Management Information System Department as the head of cyber security, and establishes the “Cyber Security Committee” and a “Cyber Security Implementation Team” to consolidate our cyber security. The “Cyber Security Committee” is convened by the head of cyber security, and each unit within EDT:Audit Office, Management Information System Department, Administration Department, Legal Affairs and Market Department appoints one person as a committee member. The “Cyber Security Implementation Team” is assigned by the convener to serve as team members from the Management Information System Department, who are responsible for planning and implementing cyber security operations, mainly cyber security prevention and incident handling.
The cyber security policy is formulated by the “Cyber Security Implementation Team” and is approved by the “Cyber Security Committee”, and management review meetings are held regularly or the applicability of policies are re-evaluated when there are major changes in the organization (such as organizational adjustments, major business changes, etc.) Appropriate revisions of the cyber security policy will be made in accordance with latest assessment results, relevant laws, technologies, and business developments so as to be in compliance with actual needs. Meanwhile, the “Cyber Security Committee” makes regular reports of the cyber security risk management to the Board of Directors each year, thus strengthening supervision and management of directors to operations of EDT.