Responsibility Sharing
Download
Under the premise of legal compliance and ethical corporate management, we will continue to strengthen the assessment and response of operational risks and opportunities; optimize external communication channels; establish a convenient, quick, accurate, and secure information network; and develop the core literacy and attitude required for sustainable development.
Goals
Issue |
Goal |
2022 Target |
2022 Status |
Governmance Mechanism |
- Board meeting attendance increases by 5% annually (compared to the target set in the previous year)
- Average study hours per director reach 6 hours
- No significant defects in internal control project review
|
Board meeting attendance > 85% |
|
Average study hours per director reach 6 hours |
|
No significant defects in internal control project review |
|
Complaince |
- No significant violation cases occur
|
No significant violation cases occur |
|
Ethics |
- Annual required courses are taken at a completion rate of 100%
|
Establish annual required courses (integrity, ethics, insider trading) |
|
Disclosure |
- Corporate Governance Evaluation ranked top 20%
- Engagement in both domestic and international sustainability assessments
|
Corporate Governance Evaluation ranked 21% to 35% |
|
Cybersecurity |
- Continue to build a comprehensive cybersecurity management system to eliminate the risk of financial impact and goodwill damage arising from cybersecurity events by implementing external defense, internal control and improvement of the overall cybersecurity awareness among the employees.
|
Implement ISO 27001 and obtain third-party validation |
|
Fitipower Organizational Chart
Governance Structure
Regulatory Compliance and Professional Ethics
The total hours of training received by employees in 2022 was 1,213. We have a reporting mailbox (wb@zjhongyu.cn) and encourage internal and external stakeholders to report unethical and improper behavior. A bonus less than NT$10,000 will be granted to the whistleblower depending on the severity of the case. The whistleblower is guaranteed not to be treated inappropriately due to the whistleblowing. Fitipower did not face any ethical corporate management violation cases in 2022 or identify any violations of laws or internal regulations (including and laws and regulations governing environment, health and safety, labor, marketing and promotion and product labeling, unfair competition).
Risk Management
All management units must periodically assess and review risk issues. After the president make advanced and professional judgments based on his risk business experience, the development of preventive action, controls, and related alerts of critical risk issues in business management are reported to the Board periodically.
Cybersecurity
We continue to invest in resources to build up our information security protection capabilities. Therefore, we introduced a two-factor authentication (2FA) and device identification in 2022 in response to the rise of remote demand. In addition, to ensure that Fitipower’s information management is effectively executed and is able to face potential risks, we established ISO 27001 information security management system, Security Operation Center (SOC), and an Information Security Committee in 2022. By upholding the PDCA cycle management principle, we have built a comprehensive information security risk assessment and management system to ensure the achievement of objectives and continuous improvement. The management of the system focuses on three major aspects: “external defense”, “internal control”, and “cybersecurity awareness”, and is expected to be certified by a third-party entity in 2023. The Information Security Committee reports to the Board of Directors on its operations and planned actions on a regular basis. In 2022, no complaint regarding the breach of customer privacy and information theft, leakage, and loss was reported. We implemented one information security drill (phishing drill) and arranged post-hoc training and tests for employees with insufficient information security awareness. All these employees have passed the post-hoc tests to ensure the effective implementation of the information security policies.