Articles

Avalue is committed to establishing a comprehensive and forward-looking risk management framework. Through institutionalized identification, analysis, and response processes, it effectively manages various risk sources including operational, financial, regulatory, cybersecurity, and market risks, reduces potential impacts, and enhances corporate resilience.

Avalue’s risk management policy emphasizes “prevention is better than cure” and regularly reviews risk assessment results and control strategies to align with market trends and internal operational changes. By implementing risk governance culture through internal control systems, management guidelines, employee training, and operational procedures, it ensures that all employees understand their responsibilities and obligations. In addition, Avalue only engages in financial instrument (including derivative) transactions for hedging purposes, strictly controls financial risks, and does not engage in any form of speculative operations.

Adhering to the business philosophy of “integrity, pragmatism, and truthfulness,” Avalue aims to build integrity management and quality governance, continuously strengthening corporate discipline and management transparency. As of now, the company has not experienced any incidents that have damaged its reputation and will continue to demand high standards of itself as a trusted sustainable partner for customers, shareholders, and employees.

Avalue systematically manages climate-related risks through the “Sustainability Development Committee” and its subordinate “Environmental Sustainability Working Group” and “Risk Management Working Group.” The Risk Management Working Group is responsible for identifying physical risks (such as typhoons and earthquakes) and transition risks that may be triggered by climate change and planning corresponding mitigation and response measures, integrating climate risk management into the company’s overall risk management process. Based on the geographical and climatic characteristics of the location, the main climate risks currently identified are typhoons and earthquakes, which may have short-term to long-term impacts on the company’s operations and finances, such as operational disruptions, production decline, loss of market share, and damage to brand image. To address these risks, Avalue has adopted a number of strategies, including requiring employees to work remotely, temporary production scheduling, re-evaluating supply chain management strategies, increasing diversified suppliers and logistics channels, and developing a comprehensive disaster response plan and prevention measures to enhance operational resilience and risk resistance.

Avalue deeply understands that information security is fundamental to ensuring the stable operation of all services and is also critical to maintaining brand reputation. Good data flow control and information security management are not only related to the company’s operational risks but also essential measures to protect customer privacy and corporate sensitive data. To this end, Avalue passes external audits by third-party verification companies annually, continuously ensuring that the operations within the scope of introduction comply with the requirements of the ISO 27001:2022 international standard. For the short-term goals within the next three years, Avalue will strive to expand the scope of ISO 27001:2022 verification introduction, implement bastion hosts to strengthen external connection security, and enhance the cybersecurity protection capabilities of overseas subsidiaries, comprehensively strengthening the information security system and operational resilience.

Avalue passed ISO/IEC 27001 security certification in 2023 and established a Cybersecurity Management Committee supervised by a convener. The Cybersecurity Management Committee is responsible for promoting the information security management system, establishing management procedures that comply with the ISO/IEC 27001 international standard, planning, implementing, and reviewing and improving internal cybersecurity activities, verifying various activities and their related results to meet the objective requirements of the cybersecurity management system, and ensuring its effectiveness and continuous improvement. At the same time, the company continues to comply with various privacy protection laws and regulations, and actively promotes data protection measures in accordance with its internal information security and privacy management policies, making every effort to protect the security and privacy of customer data. To strengthen cybersecurity management and defense capabilities, Avalue invested approximately NT$5 million in cybersecurity-related software and hardware construction in 2024 and continues to increase its cybersecurity budget to address the increasingly complex cybersecurity threat environment.

As of now, the company has not experienced any incidents of customer data leakage, loss, theft, or privacy violations complaints, demonstrating Avalue’s excellent performance in information protection. To further strengthen the response mechanism, Avalue has established an “Information Security Incident Management Procedure” to ensure that when incidents or disasters occur to data, systems, equipment, or networks, they can be quickly reported and emergency response measures implemented to control damage and stabilize operations in the shortest possible time. The company also has a dedicated unit, the “Cybersecurity Management Section,” responsible for the overall planning, technology introduction, and auditing of information security, continuously improving the overall cybersecurity management performance and building a solid information security defense system.

Avalue emphasizes the information security awareness of its personnel and continuously strengthens employees’ cybersecurity protection capabilities through regular education, training, and drills. The company regularly holds cybersecurity promotion and information security education training to enhance employees’ basic knowledge and response capabilities regarding information security. At the same time, it also conducts social engineering drills regularly to strengthen employees’ vigilance and identification skills in email protection, thereby reducing the risk of social engineering attacks and enhancing the overall organization’s information security defense network.