Faraday has introduced an Information Security Policy, committing to the implementation of robust information security controls. In 2023 we adopted an Information Security Management System (ISMS) and obtained ISO/IEC 27001:2022 certification in November. Annual external audits conducted by SGS Taiwan verify that the organization adheres to the international standard through the Plan-Do-Check-Act (PDCA) cycle. Any breach of the information security policy or incident involving a privacy violation is handled in accordance with established procedures and is subject to appropriate disciplinary action.
- Protecting the interests of customers and partners by upholding legal compliance, business ethics, and trust
- Safeguarding R&D and operational achievements to ensure market competitiveness and sustainable development
Information security risk management and PDCA structure
To enforce the information security policy, we have established a Risk Management Committee to integrate operational units, identify potential risks and business impacts, and implement risk control measures. Additionally, the Information Security Committee, operating under the Risk Management Committee, is responsible for developing and executing security policies, enhancing management, proactively assessing risks, and ensuring swift responses.
| Control aspects | Risk description | Corresponding measures |
|---|---|---|
| Information Security Technology | Evaluate security measures to safeguard critical information and ensure system stability | Strengthen security technologies and protective mechanisms |
| Employee Security Awareness | Ensure employees are adequately aware to mitigate threats, as human error is a major security risk | Implement training and awareness programs to enhance security awareness |
| Information Security Audits | Establish thorough audit procedures and conduct regular reviews to ensure security measures are effectively implemented | Perform routine internal and external security audits |
| Supply Chain Security | Implement proper security measures to reduce vulnerabilities, as supply chain risks have become a critical security concern | Enhance supply chain security management and protective strategies |
Information Security Risk Impact and Response Measures
The Risk Management Committee defines risk scenarios based on information security objectives and various risk types and conducts regular assessments. Risks exceeding acceptable levels are incorporated into mitigation plans. Additionally, we categorize information security incidents by severity and set corresponding reporting procedures and response measures. This ensures swift reporting and effective response to incidents, minimizing damage and preventing recurrence.
Strengthen security technologies and protective mechanisms
Implement measures including network security, access control and data security, physical and environmental security, terminal equipment and usage environment, threat detection and protection, system security, and supplier security to ensure robust information security management, effectively preventing both external cyberattacks and internal data breaches.
Implement training and awareness programs to enhance security awareness
- New employees must sign the Confidential Document upon onboarding and complete information security training. The training rate for new hires worldwide is 100%.
- Annual courses on information security policies and case studies are conducted. In 2024, 3,471 global participants attended information security awareness sessions, and 1,219 completed the information security training.
- To raise awareness of phishing emails, two social engineering drills were held in 2024, with 2,039 participants.
Perform routine internal and external security audits
- Internal Information Security Audit
Faraday conducts annual internal information security audits led by the Information Security Committee. The audit evaluates six key areas: management, network environment, access control, education and awareness, backup and redundancy, and physical environment. It examines processes and records to ensure the confidentiality, integrity, and effectiveness of information protection, continuously enhancing the organization's security standards. Following the internal audit, the committee addresses corrective actions and monitors their progress. The effectiveness of the Information Security Management System (ISMS) is reviewed during management meetings.
- External Information Security Audit
Faraday undergoes annual ISO 27001 external audits, conducted with the support of SGS Taiwan. These audits assess compliance with ISO/IEC 27001 standards, ensuring the organization effectively applies international standards through the PDCA (Plan-Do-Check-Act) cycle.
Enhance supply chain security management and protective strategies
Information security is integrated into supplier management and evaluation, covering six key aspects listed in the picture above. A "Supplier Information Security Management Specification" has been established, with assessments for new suppliers and annual audits for qualified ones. Additionally, suppliers are required to sign a confidentiality agreement when entering key areas, and any devices brought in for network access must be approved.
Results of Information Security Implementation
Information security intelligence
Incident response
- 0 complaints about violations of customer privacy or loss of customer information
- 100% review rate for Mail Out Keyword
- 99.1% blocking rate for spam mail
- 12 reports on external information security incidents and their countermeasures
Training and advocacy
- 100% of new recruits completed information security training
- 1,219 people completed the information security training on Faraday eCourse
- 4 information security advocacy campaigns; 3,471 people completed the relevant reading
- 2 social engineering drills, with a total of 2,039 participants
Personnel employment
- 100% of new recruits signed the non-disclosure agreement and IP Ownership Requisition Form
- 100% activation of information security controls for resigning personnel
Environmental safety
- 0 incidents of unauthorized visitors entering the office area
- 0 major equipment failure events inside the industrial environment
Audit
- 45 information security record audits
- 100% completion rate for regular internal information security audits
- 100% completion rate for regular external information security audits
- 20 suppliers passed the information security audit
