Responsibility Sharing

Under the premise of legal compliance and ethical corporate management, we will continue to strengthen the assessment of and response to operational risks and opportunities; optimize external communication channels; establish a convenient, quick, accurate, and secure information network; and develop the core literacy and attitude required for sustainable development.


Goals

Status legend: Achieved / On-going

Governance Mechanism
  Goal:
  • Board meeting attendance increases by 5% annually (compared to the target set in the previous year)
  • Average study hours per director reach 6 hours
  • No significant defects in internal control project review
  2022 Target:
  • Board meeting attendance > 85%
  • Average study hours per director reach 6 hours
  • No significant defects in internal control project review

Compliance
  Goal:
  • No significant violation cases occur
  2022 Target:
  • No significant violation cases occur

Ethics
  Goal:
  • Annual required courses are taken at a completion rate of 100%
  2022 Target:
  • Establish annual required courses (integrity, ethics, insider trading)

Disclosure
  Goal:
  • Corporate Governance Evaluation ranked top 20%
  • Engagement in both domestic and international sustainability assessments
  2022 Target:
  • Corporate Governance Evaluation ranked 21% to 35%

Cybersecurity
  Goal:
  • Continue to build a comprehensive cybersecurity management system to eliminate the risk of financial impact and goodwill damage arising from cybersecurity events by implementing external defense, internal control, and improvement of overall cybersecurity awareness among employees.
  2022 Target:
  • Implement ISO 27001 and obtain third-party validation



Fitipower Organizational Chart





Governance Structure



Regulatory Compliance and Professional Ethics


The total hours of training received by employees in 2022 was 1,213. We have a reporting mailbox (wb@zjhongyu.cn) and encourage internal and external stakeholders to report unethical and improper behavior. A bonus of less than NT$10,000 will be granted to the whistleblower depending on the severity of the case. The whistleblower is guaranteed not to be treated inappropriately due to the whistleblowing. Fitipower did not face any ethical corporate management violation cases in 2022 or identify any violations of laws or internal regulations (including laws and regulations governing environment, health and safety, labor, marketing and promotion, product labeling, and unfair competition).



Risk Management


All management units must periodically assess and review risk issues. After the president makes advanced and professional judgments based on his business risk experience, the development of preventive actions, controls, and related alerts for critical risk issues in business management is reported to the Board periodically.




Cybersecurity


We continue to invest resources in building up our information security protection capabilities. In response to the rise in remote demand, we introduced two-factor authentication (2FA) and device identification in 2022. In addition, to ensure that Fitipower’s information management is effectively executed and is able to face potential risks, we established an ISO 27001 information security management system, a Security Operation Center (SOC), and an Information Security Committee in 2022. By upholding the PDCA cycle management principle, we have built a comprehensive information security risk assessment and management system to ensure the achievement of objectives and continuous improvement. The management of the system focuses on three major aspects: “external defense”, “internal control”, and “cybersecurity awareness”, and is expected to be certified by a third-party entity in 2023. The Information Security Committee reports to the Board of Directors on its operations and planned actions on a regular basis. In 2022, no complaints regarding breaches of customer privacy or information theft, leakage, or loss were reported. We implemented one information security drill (phishing drill) and arranged post-hoc training and tests for employees with insufficient information security awareness. All these employees have passed the post-hoc tests to ensure the effective implementation of the information security policies.
