ESG Management

We’re prioritizing data security and integrity.

For a more secure digital future, we’re investing in information security. Eclat is committed to data protection, joint cybersecurity efforts, and industry-standard risk assessment and prevention.

Eclat Information Security Division

Securing Eclat, our Information Security Division is committed to safeguarding the company’s information assets. Established in compliance with Article 9-1 of the Regulations Governing the Establishment of Internal Control Systems by Public Issuers and Level 2 standards for over-the-counter (OTC) companies. The division enhances security across Eclat and its subsidiaries, balancing stringent measures with preserving autonomy. On September 7, 2023, we appointed an Information Security Supervisor and an information security-dedicated team to bolster this commitment.

Key responsibilities of the division:

  • Planning, executing, and leading information security initiatives and early-stage prevention measures.
  • Performing yearly independent evaluations to assess the company’s current position and new information security policies, regulations, and technological developments.
  • Coordinating with subsidiaries to share essential security updates and establish incident reporting protocols.
  • Working alongside the auditing unit to conduct both scheduled and unscheduled security audits.

Security compliance requirements

As part of Eclat’s unwavering commitment to the highest data security and integrity standards, we’ve formulated vital security policies and protocols that every unit must strictly follow. This compliance ensures data confidentiality, integrity, and availability and protects against unauthorized access, interference, and other risks.

In addition, our security risk management system adopts the ‘Plan-Do-Check-Act’ (PDCA) approach. This continuous improvement cycle enhances effectiveness, ensuring the company’s sustainable operation and growth.

Cybersecurity risk management framework

We’ve devised robust risk management strategies to implement our information security policies effectively. These strategies are designed to minimize threats, vulnerabilities, and the impact of incidents.

The core strategies include:

  • Strengthen security measures: Conduct biannual vulnerability scans, provide initial testing repairs, offer improvement recommendations, and implement key risk control measures. Recommendations for initial testing repair and improvements were made available in 2023.
  • Backups and recovery: Perform regular data and off-site backups and conduct annual disaster recovery drills with detailed reporting.
  • Security intelligence partnerships: Eclat joined the ISAC and TWCERT/CC information security organizations for real-time threat intelligence. This allows for faster detection and response to cybersecurity threats.
  • Education and training: Conduct two annual social engineering exercises, enforce cybersecurity training, and run periodic security awareness campaigns to keep all employees vigilant. As part of our 2023 cybersecurity initiative, we simulated 3,000 phishing emails sent to 1,000 employees. Those interacting with these emails must complete our ‘Social Engineering Education and Training’ course.
  • Advance information security competence: Strongly encourage personnel to participate in security seminars and training courses to deepen knowledge and enhance expertise. Throughout 2023, Eclat teams participated in three information security seminars and two training courses.
  • Board oversight: Routine reports to the Eclat Board by the Information Security Supervisor, in addition to annual risk assessments and strategic recommendation reviews.

Learn more about our efforts