Information Security Policy

Key Highlights of Our Information Security Policy

1. Purpose

eCloudEdge Digital Innovation Co., Ltd. (hereinafter "the Company") has established this Information Security Policy (hereinafter "this Policy") to promote an information security management system, build a secure and trustworthy information operating environment, and ensure the security of data, systems, equipment, and networks — with the goal of maintaining information security, improving service quality, and achieving sustainable operations.

2. Scope of Application

All employees, partners, and organizations affiliated with the Company are responsible for complying with this Policy.

3. Guiding Principle

"Information security is everyone's responsibility."

4. Information Security Policy and Objectives

  • All Company employees must sign the Company's "Employee Agreement." External personnel participating in Company projects must sign a "Non-Disclosure Agreement (NDA)" and comply with relevant national laws and regulations, including the Trade Secrets Act, Personal Data Protection Act, Cybersecurity Management Act, Copyright Act, and Criminal Code. Incidents of data leakage or legal violations are strictly prohibited.
  • Access to or modification of commissioned, collaborative, or project data must be subject to access controls. Sensitive (confidential) information must be encrypted prior to transmission.
  • Information Security Objectives and Metrics:
    • Confidentiality: Quarterly review — zero incidents of confirmed sensitive data leakage permitted.
    • Integrity: Quarterly review — zero incidents of confirmed data tampering permitted.
    • Availability: Monthly review — NeoEdge Central SLA must not fall below 99.9%.
    • Legal Compliance: Annual review of information security management practices — zero violations of the Personal Data Protection Act, Trade Secrets Act, Cybersecurity Management Act, or other applicable national regulations permitted.
    • All employees must complete at least 1 hour of information security awareness training per year.
    • Dedicated information security personnel must complete at least 3 hours of professional cybersecurity training per year.

5. Review

This Policy shall be reviewed at least once per year to reflect the latest developments in government regulations, technology, and business operations, and to ensure the Company's ability to sustain continuous operations.

6. Implementation

This Policy takes effect upon approval by the Company's administrative management personnel. The same applies to any future revisions.