MiTAC has set up an Information Security Promotion Committee in which the President serves as the chair, the Senior Vice President of the Digital Development Center serves as the deputy chair, and the Chief Information Security Officer (CISO) serves in the position of executive secretary. The Company has a department dedicated to cyber security. An information security manager and several information security personnel were appointed to be responsible for promoting, coordinating, overseeing and reviewing matters in relation to cyber security management. The cyber security department reports on the implementation of cyber security measures to the management or the Board of Directors on a regular basis to ensure the appropriateness and effectiveness of the operation.

To continue enhancing the information security protection and management, The company implemented the international information security management system standard ISO27001 in 2019 and successfully passed certification by the end of that year. Since then, we have maintained our commitment to information security by undergoing annual audits from a third-party verification company; we completed the ISO27001:2022 transition audit and validation at the end of 2024; this ensures our information security management system can effectively address current digital environments and emerging threats. The most recent certification is valid from February 6, 2025, to January 14, 2026.

MiTAC communicates the significance and necessity to observe the information security policy of the Company to the employees on an ongoing basis. All personnel using the information systems must participate in information security courses every year. The managers and personnel responsible for information security shall take part in professional information security training annually. Social engineering drills and relevant reviews are regularly arranged to constantly increase the employees’ awareness of information security,  and competitions related to information security are held to develop the employees’ competence of information security in an educational but entertaining manner.

We constantly gather various cyber security risk analysis indicators externally through external information security risk rating service to continuously monitor and lower information security risks. The CDM (Cyber Defense Matrix) is used to analyze and review the requirements for information security protection, in order to optimize the process of budget planning and control as well as protection measures for cyber security.

Cyber security incident response and threat intelligence  The information security incident response, handling and reporting procedures are established, including the assessment for impacts and damages caused by incidents, internal and external reporting procedures, methods for informing other affected departments, contact persons and methods for reporting of incidents.   The Company has participated in the Taiwan Computer Emergency Response Team & Coordination Center (TWCERT / CC) for receiving cyber security alerts as well as information security threat and vulnerability information in order to take preventive actions, improve information security protection capabilities and reduce the risk of being hacked.

In 2024, the IT departments at MiTAC headquarters and key production sites continued to work together on joint emergency response drills. They conducted a desktop simulation to address the crashing of the Windows system with "Blue Screen of Death" that occurred globally in July 2024 due to a software update bug from the security software company CrowdStrike. It assessed the operational continuity management, disaster recovery plans, and business operation continuity in a complex disaster. The drill aims to enhance support and collaboration between departments, strengthening overall crisis management and response capabilities.

No business interruption, data corruption, data leakage or other material information security events occurred in 2024.

Taeget 2022 2023 2024 Events causing business interruption, data corruption, data leakage or other material information security events < 1 case. 0 No business interruption, data corruption, data leakage or other material information security events. 0 No business interruption, data corruption, data leakage or other material information security events. 0 No business interruption, data corruption, data leakage or other material information security events.