Information Security Policy Statement
Recognizing that information security is the foundation for the secure operation of all services, FlySheet System Technologies Co., Ltd. / FlySheet Med-Informatics Co., Ltd. (hereinafter referred to as "the Company") has established this Information Security Policy (hereinafter referred to as "this Document"). This policy serves as the highest guiding principle for the Company's Information Security Management System (ISMS), ensuring a shared commitment to implementing information security.
Information Security Objectives
The Company’s information security objectives are to ensure the Confidentiality, Integrity, Availability, and Compliance of its core system management operations (specifically, information systems and related management activities within the scope of ISO 27001 certification). Quantitative indicators for measuring information security performance are defined and measured across various levels and functions to verify the implementation status of the ISMS and the achievement of security goals.
- Confidentiality: Prevent any leakage of the Company’s sensitive information to the internet.
- Integrity: Ensure the accuracy of the Company’s sensitive data (e.g., insurance data, personal data).
- Availability: Ensure that authorized personnel can access relevant information assets within an acceptable timeframe when needed.
- Compliance: Adhere to relevant national laws (e.g., Personal Data Protection Act, Trade Secret Act, Intellectual Property laws) to prevent infringement upon the rights of the Company or third parties.
Scope of Application
This policy applies to the entire Company.
Organization and Responsibilities
To ensure the effective operation of the ISMS, the information security organization and responsibilities shall be clearly defined to promote and maintain various management, execution, and audit tasks.
- An information security organization shall be established to coordinate the promotion of information security matters. (Details in Attachment: Information Security Management Committee Chart.)
- Management shall actively participate in and support the information security management system, provide relevant resources, and assign appropriate responsibilities.
- All organizations and personnel within the scope must comply with this policy, intellectual property rights, and the Personal Data Protection Act.
- All organizations and personnel within the scope have the responsibility to report information security incidents or vulnerabilities through appropriate mechanisms.
Implementation Principles
The implementation of the ISMS shall follow the PDCA (Plan-Do-Check-Act) cycle. This continuous and progressive approach ensures the ongoing validity and effectiveness of information security.
Review and Assessment
- This Document shall be reviewed and assessed at least once a year. The review shall take into account the latest status of laws and regulations, technological changes, stakeholder expectations, business activities, internal management, and resources to ensure the effectiveness of information security practices.
- This Document shall be revised based on the review results and shall become effective upon issuance by the General Manager.
- Upon establishment or revision, this Document shall be communicated to stakeholders (e.g., employees, suppliers, clients, external auditors) through appropriate means (e.g., email, website announcement, or printed copies).