In order to coordinate information development and information security management matters, and reduce information security risks, Mega Securities has established the "Information Security Policy" and "Information Security Policy - System Access Control" approved by the Board of Directors; in 2023, the Company continuously introduced and obtained the international information security certification ISO 27001:2013 Information Security Management System, and the ISO 22301:2019 certification in the same year and continued their validity in 2024. By operating effective information security governance, legal compliance, risk control and audit review mechanisms, and in conjunction with the application of technology, we comprehensively enhance the information security protection capabilities. In addition, we have established the "Operating Regulations of Information Security Reporting and Response" to manage information security incidents at different levels (Level 1 to 4). When emergencies such as the information and communication systems compromised by various factors or inappropriate use, the required reporting and responses may be taken to reduce the probability of possible damage, and ensure the normal operation of the Company's information and communication systems.
