The key points of our company's information security policy are as follows:

1. Purpose

eCloudEdge Digital Innovation Co., Ltd. (hereinafter referred to as "the Company") has established an "Information Security Policy" (hereinafter referred to as "the Policy") to promote an information security management system, create a secure and reliable information operation environment, and ensure the safety of data, systems, equipment, and networks. This Policy is aimed at ensuring information security, enhancing service quality, and achieving the goal of sustainable business operations.

2. Scope of Application

All employees, partners, or entities associated with the Company are responsible for adhering to this policy.

3. Slogan

Information Security, Everyone's Responsibility.

4. Information Security Policy and Information Security Objectives

• All employees of the Company are required to sign the "Employee Agreement," and all external parties involved in the Company's projects must sign the "Non-Disclosure Agreement." Additionally, they must comply with relevant national regulations, including the "Business Secrets Act," "Personal Data Protection Act," "Cybersecurity Management Act," "Copyright Act," and "Criminal Code," and are strictly prohibited from disclosing confidential information or engaging in any illegal activities.
• For outsourced, joint collaboration, or project-related data access or modifications, project files must have access permissions set. Sensitive (confidential) information must be encrypted before transmission.
• Information Security Goals and Measurements
  • Ensure that no incidents of sensitive data leakage occur：Perform quarterly statistics on the number of incidents involving the leakage of sensitive data, with the target of zero incidents.
  • Ensure that no incidents of data tampering occur：Perform quarterly statistics on the number of incidents involving data tampering, with the target of zero incidents
  • Ensure the availability of NeoEdge Central meets the specified service level.：Perform monthly statistics on NeoEdge Central's SLA (Service Level Agreement), with the target of not falling below 99.9%.
  • Ensure compliance with relevant laws and regulations：Conduct annual audits of the information security management system operations. The number of violations of national regulations such as the "Personal Data Protection Act," "Trade Secrets Act," and "Cybersecurity Management Act" should be zero.
  • Employees are required to complete at least 1 hour of cybersecurity awareness training annually.
  • Cybersecurity personnel are required to complete at least 3 hours of professional information security training annually.

5. Review

This policy should be reviewed at least once a year to reflect the latest developments in government regulations, technology, and business, and to ensure the company's ability to maintain sustainable operations.

6. Implementation

This policy will be implemented after approval by the company's administrative management personnel, and the same process will apply for any revisions.