Integrity Management
Our company designates the General Manager's Office as the dedicated unit responsible for promoting integrity management, including revision, implementation, interpretation, consulting services, and filing of notification content, as well as supervising implementation, and reporting to the Board of Directors at least once a year.
1、Main responsibilities include the following:
Assist in integrating integrity and ethical values into the company's business strategy, and establish relevant anti-fraud measures in accordance with laws and regulations to ensure honest operation.
Regularly analyze and evaluate the risks of dishonest behavior within the business scope, and based on this, develop prevention plans for dishonest behavior, and establish standard operating procedures and behavior guidelines related to work and business within each plan.
Plan internal organization, staffing, and responsibilities, and establish mutual supervision and balance mechanisms for business activities with high risks of dishonest behavior within the business scope.
Promotion and coordination of integrity policy advocacy training.
Plan a reporting system to ensure the effectiveness of implementation.
Assist the board of directors and management in verifying and evaluating the effectiveness of the preventive measures established for implementing integrity management, and regularly evaluate the compliance of relevant business processes and prepare reports.
Create and properly preserve documented information on the integrity management policy, its compliance statement, implementation commitments, and execution status.
Our company has established "Internal Major Information Processing Procedures", "Code of Ethics", "Code of Conduct for Integrity Management", "Integrity Management Procedures and Practices", and "Whistleblower System Management Measures", which have been approved by the board of directors for all colleagues to follow.
2、Integrity Advocacy
Our company holds at least one internal advocacy event every year to promote the importance of integrity to all directors, managers, and employees. Education and training are conducted through lectures, emails, or paper signatures to implement the integrity management policy and actively prevent dishonest behavior. As of now, there has been no dishonest behavior within the company, and the actual operating situation is consistent with our company's regulations.
3、Reporting system
Our company encourages internal and external personnel to report dishonest or improper behavior. Depending on the severity of the report, appropriate rewards will be given to the whistleblower. If internal personnel make false reports or malicious accusations, disciplinary action should be taken, and if the circumstances are serious, they should be dismissed.
Our company has announced an internal independent reporting email on our website for use by both internal and external personnel.
Report Email: whistleblower@donpon.com
4、Promise
The directors, managers, employees, and assigns of our company and its affiliated enterprises undertake to abide by the duty of employee cleanliness and loyalty, and declare that they will comply with the work rules and relevant company regulations, policies, and laws formulated by Dongpu Group. Based on the principles of fairness, honesty, trustworthiness, and transparency, they will perform their duties to implement Dongpu Group's policies of employee cleanliness, integrity, and loyalty, and actively prevent any violation of entrusted obligations, breach of integrity, and any illegal behavior.
Risk Management
Implementation Status for Year 2024:
Our company's risk management team reported on risk identification, monitoring, and management measures at the board meeting on December 13, 2024.
The scope of risk management includes four aspects related to company operations: corporate governance, environmental protection (including climate and natural resources), social integration, and innovative value. It mainly includes strategic risk, operational risk, financial risk, information risk, compliance risk, integrity risk, and other emerging risks (such as climate change, biodiversity, forests, water, or infectious disease related risks), and follows relevant laws and regulations to identify, analyze, evaluate, respond to, monitor, and report on their significant risk impacts.
1、Risk Management Organizational Structure and Responsibilities
The Risk Management Team, led by the President as convener, is the designated authority responsible for executing risk management tasks. The team shall hold at least one meeting annually and report the outcomes of risk management activities to the Sustainability Committee on a regular basis.
As an independent unit under the Board of Directors, the Internal Audit Office is responsible for developing the annual audit plan and conducting internal audits. It assists the Board and management in reviewing the effectiveness of the internal control system, assessing operational efficiency and effectiveness, and providing timely recommendations for improvement.
Department heads or designated risk personnel within each functional unit are responsible for first-line risk management. They must identify, monitor, and mitigate risks related to their respective areas during daily operations, ensuring that risk control mechanisms and procedures are effectively implemented.
2、Risk Management Policy
Our company adheres to the concept of sustainable operation. Through the establishment, implementation, and maintenance of a proactive risk management mechanism, we continuously track internal and external issues and environmental changes, implement operational impact analysis, and maintain the ability to respond effectively and flexibly to related challenges. We regularly self-examine and continuously improve the company's resilience to fulfill our commitment to uninterrupted operations and protect the best interests of customers and stakeholders.
3、Risk Management Procedure
Risk identification: Personnel from each responsible department should identify potential risks faced by the company within their scope of authority.
Risk measurement: After identifying potential risks that each responsible department may face, appropriate measurement methods should be developed as the basis for risk management.
Risk monitoring: Each responsible department should monitor the potential risks of their business. When evaluating the degree of risk that may cause damage, they should propose corresponding measures and report the risks and corresponding measures in the management meeting.
Risk response: After evaluating and summarizing the risks, each responsible department should take appropriate response measures for the potential risks they face, such as risk identification and clarification, evaluation reports, and implementation of contingency control plans.
Risk reporting and disclosure: The company regularly reports the risk status to the board of directors for management reference, implements risk management procedures, and verifies execution
Information Security
1、Information Security Risk Management Framework
The responsible unit for information security in our company is the Information Unit of the Management Department, with one dedicated Information Security Supervisor and one dedicated Information Security Personnel. They are responsible for formulating internal information security policies, planning and executing information security operations, promoting and implementing information security policies, and promoting information security awareness. They regularly report the company's information security governance overview to the General Manager and the Board of Directors.
Our company's audit office is the auditing unit for information security supervision. If any deficiencies are found during the audit, we immediately require the audited unit to propose relevant improvement plans and track the effectiveness of the improvements, and regularly report to the board of directors to reduce internal security risks.
Organizational operation mode: PDCA (Plan-Do-Check-Act) cycle management ensures the achievement of reliability goals and continuous improvement.
2、Information Security Policy
Establish a secure and reliable computerized operating environment to ensure the security of our company's data, systems, equipment, and networks, in order to safeguard the company's operations, customer rights, and the sustainable operation of information systems across all units.
Scope of Information Security Management:
Personnel management and information security education and training.
Computer system security management.
Network security management.
System access control.
System development and maintenance security management.
Information asset security management.
Physical and environmental security management.
Information system sustainable operation plan management.
Information security audit.
3、Information security management measures
In recent years, there have been frequent security risks, and our company has established a comprehensive protection system with a rigorous and responsible attitude, covering from the lowest level employee computers to the highest level external network endpoints. However, due to the constantly changing and innovative methods of third-party network attacks, the protection system cannot guarantee that it will never be vulnerable to external network attacks and intrusion risks. This risk may lead to the leakage of company secrets, harassment by viruses and ransomware, or interference with the company's production and operation, causing business losses.
In response to the above risks, our company has taken the following necessary management measures:
Develop relevant information security measures and conduct comprehensive tracking and review to address the shortcomings of existing protection systems.
Regularly inspect existing security equipment and software to maintain optimal protection status.
Sign maintenance and operation contracts with professional third-party service providers, regularly maintain equipment and update protection system data.
Perform periodic data backup tasks for the system and adopt off-site storage measures to ensure reliable data recovery.
Regularly implement disaster recovery plans and conduct drills to shorten risk time and reduce operational losses.
Conduct information security education, training, and advocacy, and establish employee awareness of information security.
4、Resource investment in information security management
Network hardware devices such as firewalls, email antivirus, and spam filtering.
Investing manpower: such as daily system status checks, regular backup and execution of remote storage of backup media, monthly security advocacy, annual system disaster recovery simulation exercises, annual internal audits of information circulation, annual routine audits and project reviews by accountants, etc.
Security Human Resources: One Information Supervisor and one Information Engineer, responsible for security architecture design, security operation and monitoring, security incident response and investigation, security policy review and revision.