Corporate Governancee Operation

In accordance with the guidelines for establishing internal control systems for publicly traded companies and relevant regulations, our company has developed an internal audit system and regularly reports the execution of audit activities to the board of directors. The Internal Audit Department directly reports to the board of directors and is currently headed by one Audit Manager. The appointment and removal of the Audit Manager require approval from the Audit Committee and subsequent approval by the board of directors. Additionally, an Audit Deputy is also appointed.

The purpose of internal auditing is to assist the board of directors and management in identifying deficiencies in internal control systems, evaluating the effectiveness and efficiency of operations, and providing timely improvement recommendations. This ensures the continuous and effective implementation of internal control systems and serves as a basis for reviewing and revising these systems.

Our company’s existing management systems and procedures are well understood by the internal audit team. Any anomalies identified during the audit process, apart from human error, are thoroughly reviewed in terms of operational procedures or internal controls, and effective improvement suggestions are provided.

Continuing Education Status for the Year:

Cyber Security Management

Structure of Security Management Control Committee To ensure security of information assets of iST and its customers, iST set up the security control committee at the end of 2018, and obtained the certification of ISO/IEC 27001:2013 Information Security Management System (ISMS) in October 2020. The validity of certification expires on Oct. 31, 2025.

《View Certificate》

Chief Information Security Officer is the convener of the meeting of security control committee. Heads of divisions are members of the committee, and personnel from each functional department take part in the information security task force, emergency response task force, information security audit task force, and document management center, etc. A total of 24 people are involved as stated above. The committee integrates internal resources of iST to conduct risk assessment for information security, and prepares the annual information security plan and inspection standards. In addition, it also coordinates relevant resources and cross-functional activities, takes various information security controls, holds the annual information security educational training for personnel, and deals with information security audit operations. The security control committee holds a meeting every half year to review and resolve on guidelines for and policies of information security and information protection and ensure effectiveness of information security management measures. The committee may also hold a meeting from time to time based on the needs of management of information security risk. The convener of the safety control committee represents the committee and reports to the board of directors every year.

As of 2022 and the date of print of the annual report, iST did not incur any loss because of a material cyber security incident and was not fined for any serious incident.

1. Policy Vision and Objectives
2. Specific Management Plans and Resource Allocation
3. Information Security Risks and Management Measures

The company has established the “Internal Material Information Handling and Insider Trading Prevention Operating Procedure” to manage and prevent insider trading. This procedure specifies that company insiders, upon obtaining access to significant financial reports or related performance information, including (but not limited to) directors, are prohibited from trading stocks or other equity securities of the company listed or traded in securities business locations within a closed period of thirty days prior to the announcement of annual financial reports and fifteen days prior to the announcement of quarterly financial reports. This information is disclosed on the company’s website to regulate and prohibit insiders, such as directors or employees, from trading securities using undisclosed market information. This procedure serves as the company’s internal significant information handling and disclosure mechanism to prevent insider trading.

• The company conducts annual training on business confidentiality and related matters, requiring new and existing employees to participate in online learning for a specified number of hours. This strengthens awareness of legal compliance to avoid violations.
• Every year, the company plans educational hours for directors and provides information on courses related to preventing insider trading for insiders and directors

Implementation in the Current Year:

The company operates based on the principles of fairness, honesty, integrity, and transparency in its business activities. It enforces an ethical business policy and actively prevents dishonest behavior. The company has established the “Ethical Business Operation Procedure and Code of Conduct” in accordance with the “Integrity Operating Guidelines for Listed and OTC Companies” and relevant laws and regulations in the operating jurisdiction of the company and its group enterprises and organizations. This procedure has been approved by the board of directors. The scope of this procedure applies to the company’s subsidiaries, entities or institutions with substantial control, and corporate enterprises and organizations where cumulative donations exceed fifty percent of funds.

The “Ethical Business Operation Procedure and Code of Conduct” has been disclosed in the internal staff area. Since December of 2020, the Management Department has taken on the role of the dedicated unit for promoting corporate ethical business practices. This department is responsible for assisting the board of directors and management in formulating and overseeing the execution of ethical business policies and prevention measures, ensuring the implementation of ethical business guidelines. The department reports the progress and outcomes of ethical business promotion and execution to the board of directors annually.

The “Ethical Business Operation Procedure and Code of Conduct” has been disclosed in the internal staff area. Since December of 2020, the Management Department has taken on the role of the dedicated unit for promoting corporate ethical business practices. This department is responsible for assisting the board of directors and management in formulating and overseeing the execution of ethical business policies and prevention measures, ensuring the implementation of ethical business guidelines. The department reports the progress and outcomes of ethical business promotion and execution to the board of directors annually.

Implementation in the Current Year:

Succession Plan and Operation for Board Members

The company currently has ten directors, including four independent directors. They come from various fields, such as academic scholars with professional knowledge, industry professionals, and individuals with extensive practical experience in business, law, finance, accounting, and sales management. Most directors have held decision-making positions in various major industries for many years, making them familiar with industry and company operation and leadership decisions.

The appointment of directors in the company follows the “Director Election Rules” unless specified otherwise by laws or regulations. To enhance the effectiveness of director functions, the company regularly arranges annual training courses for directors to update their professional knowledge based on changes in the internal and external environment of the company and development needs. The company has also established the “Director Performance Evaluation Rules” and conducts an annual performance evaluation of both the board as a whole and individual director. The evaluation results serve as a reference for selecting or nominating directors for future appointments.

Succession Plan and Operation for Key Management

In the succession planning, apart from requiring successors to possess outstanding professional abilities, the company annually tailors training schedules according to the company’s development strategy, investment plans, individual traits, and career plans of each executive. This involves crafting a learning path tailored to each individual. The succession plan for the senior management level is outlined as follows:

• Senior Management Functional Training:
  Annually, we tailor training schedules based on individual job requirements and learning status. We also periodically organize educational training sessions with professional institutions or executive consensus camps. Through diverse approaches, we aim to nurture skills in strategic planning, market expansion, industry knowledge, leadership, and human resource utilization, enhancing operational management capabilities and practical experience. This allows for deeper involvement in the company’s operational development to meet future succession planning needs.
• Development of Senior Executives:
  For each potential candidate, their level of maturity as a successor is assessed annually. High-level executives and human resource managers collaborate to develop and implement cultivation plans. These plans encompass undertaking project assignments, secondments to related enterprises, internal job rotations, benchmark learning, and management courses. The suitability of reserve candidates is evaluated through mentorship programs, compensation committees, and board reviews.