Security Committee

Purpose

  • In order to reach the goal of company sustainable management, decrease the operating risk and fulfill customer security criteria, we established ASEKH Security committee to define the standard of security management.

Scope

  • ASEKH 32 Buildings
  • Factory/Product/Information/Personnel/Patent/Legal

Security Policy

TASEKH is committed to the security protection and continual improvement of security environment. The security management is divided into three Policies and six Management strategies.

Three Policies:

  1. SEKH all information assets are owned by ASE, all within but not limited the patents, products, personnel, information, factory (including of industrial cyber security) and legal data are vested in the company's property. To maintain effective use of company resources and prevent leaks of confidential company assets, the company is entitled to record, access to, access, review, processing, or replicate.
  2. ASEKH regulated by the members of the organization, where the use of the services company to provide services or perform the job who has the responsibility to protect its assets, to prevent it from being of accessing, tampering, unauthorized destruction or improper revealed.
  3. ASEKH all unit managers must be responsible for their assets by areas or held, build monitoring and control mechanisms to ensure the confidentiality of the company's critical assets, integrity and availability.

Six Management strategies:

  1. assess security risks for all patents, products, personnel, information, factory (including of industrial cyber security) and legal to design and execution of appropriate control.
  2. follow security standard formulation of this policy in order to properly maintain the confidentiality and integrity of the company and customer assets.
  3. protect assets, to prevent accidental or deliberate damage suffered occasional danger, tampering, improper disclosure or loss (including theft of physical or electronic means) to ensure that the interests of the Company, and follow the requirements of laws and regulations.
  4. follow need to know principle of confidentiality, confidential assets only to let people know you need to know. To achieve this principle requires, assets according to their level of confidentiality shall be divided into different levels, but also the organization of a person according to their functions into a different access levels. Access to assets need to consider the personal job function, and unauthorized inaccessible.
  5. Follow Segregation of duty principles, to achieve a reasonable division of labor organizations.
  6. follow the least privilege principle, the user can only be granted minimal access authorized to perform work without any additional permission.

All security development, modify, review and control, it shall comply with and follow the ASE's Security Management System policy.

Certification