Information Security Policy / Cybersecurity Policy
Last updated: May 1, 2025
Purpose
This Information Security Policy is established to enhance the information security management of StreamTeck Scientific Inc. (hereinafter referred to as “the Company”), ensure the confidentiality, integrity, and availability of all assets and information, comply with relevant laws and regulations, and protect those assets and information from intentional or accidental internal and external threats.
Scope
This policy applies to all employees of the Company, as well as contractors, vendors, third-party personnel, and similar parties.
The scope of information security management encompasses the following areas to mitigate possible risks and threats from improper use, data leakage, tampering, and destruction of information caused by human error, intentional acts, natural disasters, etc. The management items are as follows:
●Establishment and continual evaluation of information security policies.
●Formation and operation of the information security organizational structure.
●Classification, valuation, and protection of information assets.
●Risk management of information security threats and vulnerabilities.
●Personnel security, including training and awareness programs.
●Protection of physical facilities and environmental controls.
●Secure management of communications and daily operations.
●Implementation of access control mechanisms.
●Acquisition, development, and maintenance of secure information systems.
●Management of information security incidents and response plans.
●Business continuity planning and disaster recovery.
●Compliance with applicable laws, regulations, standards, and contractual requirements.
Goal
●Protect against unauthorized access, disclosure, alteration, or destruction of information.
●Ensure compliance with applicable legal, regulatory, and contractual obligations.
●Promote a culture of security awareness and continuous improvement.
The organization for Information Security
To align with ISO 27001 standards for Information Security Management, the Company focuses on enhancing operational procedures, system safeguards, regulatory adherence, staff awareness, and technological defenses to protect data, IT infrastructure, and network communications from threats such as unauthorized access, misuse, disclosure, modification, or destruction, whether caused by human mistakes, malicious acts, or environmental events. These proactive strategies reinforce our responsibility to stakeholders and customers, while supporting the sustained and reliable operation of our business.
Information Security Committee Structure
The Company has established an information security management committee, with the CEO as the committee chairman. The committee is responsible for the formulation, development, implementation, and evaluation of information security management policies, plans, and technical standards. The committee collaborates with the Internal Audit Unit to maintain information confidentiality and conduct security audits.
Committee Operations
The Information Security Committee convenes once per quarter. Extraordinary meetings may be convened when necessary and members of the teams must attend. The agenda of the meeting includes information security incident reports, the report of each team on the implementation of the team’s affairs, issues that require the cooperation of different units, other related suggestions, or extemporary motions.
Information Security Strategy
Cybersecurity Management Framework
To strengthen information security management, the company has progressively developed a robust, multilayered cybersecurity framework that spans personnel, processes, and technology, adapting to both internal and external changes. A dedicated cybersecurity organization leads policy development and risk management. Internal defenses are continually enhanced, and the company actively engages in threat intelligence sharing with groups like the High-Tech Cybersecurity Alliance and TWCERT/CC. Collaborations with external security experts ensure up-to-date awareness of threats and technologies, enabling swift responses to emerging risks and ensuring resilient, uninterrupted information services.
Cybersecurity Framework Adoption (NIST CSF)
The company adopts the Cybersecurity Framework (CSF) developed by the National Institute of Standards and Technology (NIST) to assess its overall information security maturity and to design strategic development roadmaps. Based on this assessment, we prioritize initiatives and allocate resources accordingly, making continuous adjustments to enhance and strengthen our cybersecurity systems. The framework is structured around five core functions: Identify, Protect, Detect, Respond, and Recover. These functions guide management actions across all stages of a cyberattack—prior to an incident (Identify and Protect), during an incident (Detect and Respond), and after an incident (Recover)—ensuring a comprehensive and resilient security posture.
Information Security Operation Practices
The company takes a proactive and structured approach to maintaining robust information security by implementing the following key operational measures:
●We regularly identify and review the expectations and requirements of all stakeholders involved in the information security management system, including customer-specific information security needs.
●To strengthen internal awareness, we conduct ongoing employee education through information security training programs and simulated social engineering exercises, helping cultivate a strong security culture across the organization.
●Comprehensive and well-defined operational procedures are established to ensure the consistent and systematic functioning of our information security management practices.
●Periodic risk assessments are carried out to uncover and prioritize high-risk areas. Based on assessment results, we allocate appropriate resources to mitigate or transfer risks as needed.
●Advanced tools and technologies are utilized to support the full security lifecycle—enabling timely and effective identification, protection, detection, response, and recovery against threats.
●We have developed detailed incident response and recovery protocols to promptly isolate and resolve security breaches, eliminate potential threats, and minimize both the scope and impact of incidents.
●To stay ahead of evolving threats, we continuously monitor emerging trends and technologies in the cybersecurity field, ensuring our defenses and security management strategies remain up to date and effective.
Changes to This Information Security Policy
We may revise Our Information Security Policy from time to time to reflect changes in technology, regulatory requirements, or organizational needs. When updates occur, We will post the latest version of the Information Security Policy on this page.
We will also notify You of significant changes through email and/or a prominent notice on Our Service before the changes take effect. The “Last Updated” date at the top of this policy will be revised accordingly.
We encourage You to review this Information Security Policy periodically to stay informed of how We protect and manage information security. Any changes become effective once posted on this page.
Contact Us
If you have any questions or concerns regarding this Information Security Policy, You may contact us at:
●Email: sales@streamteck.com