Risk Management
Financial Risk Management
- Strengthen the natural hedging effect of foreign currency equity and debt offsetting.
- Make plans and arrangements regarding capital income and borrowing costs in advance based on our predictions about future operational and capital requirements of the Company.
- Use auxiliary tools (such as financial derivatives) to reduce risk under proper risk guidelines.
Business Risk Management
Business Continuity Management
Information Security
WNC strictly complies with the content and confidentiality commitment set forth in customer contracts. In order to implement the management of confidential information, WNC has established an Information Security Policy and an ISO/IEC 27001 information security management system and obtained external certifications. WNC (Taiwan), WNC's sites in China and Vietnam, and US and UK subsidiaries have all completed certification, covering 75% of all locations. This ensures the confidentiality, integrity and availability of all information. After the release of ISO 27001:2022, WNC has been working with external consulting agencies to achieve compliance with this new version and expects to obtain certification in September 2024.
Information Security Committee
WNC established an Information Security Committee in 2014, composed of top-tier supervisors of each unit, chaired by the President and CEO, and convened by the Chief Information Security Officer (the top-tier supervisor of the Digital Information Management Division). A management review meeting is held every six months. The Committee is responsible for formulating and promoting internal information protection measures, including risk assessment, operational impact analysis, drills of disaster recovery plans, user account permission reviews, firewall rule reviews, information security promotion and training, vulnerability scanning, penetration testing, management meetings, and ad hoc social engineering drills. The functional teams under the Committee are the Information Security Implementation Team, Emergency Response Team and Information Security Audit Team. The teams are led by the Chief Information Security Officer.
Information Security Management System
Key Information Security Work Items in 2023 and 2024
Year | Items |
---|---|
2023 |
|
2024 |
|
Risk Identification
WNC conducts risk assessment operations every six months. Each WNC location proposes risk issues and conducts risk assessments. If the result of the risk assessment exceeds the acceptable risk level, each location identifies and implements risk response measures and proposes improvement or enhancement solutions. For example, WNC may introduce an Instant Messaging (IM) software control solution to reduce the risk of confidential data leakage through instant messaging software in response to customer collaborative requirements. Risk assessment results are reported at the management review meeting of the Information Security Committee. Based on the risk assessment report, the Information Security Committee determines the acceptable level of risk at the company level, and this serves as the basis for continuous improvement and control.
Training Courses
Information Security Training Courses in 2023
Course Name | Participants | No. of times course was held | Total instances of attendance | Training hours | Completion rate |
---|---|---|---|---|---|
Information security policies and regulations promotion | New employees | 1 | 332 | 0.5 | 87.8% |
Supply chain information security risks management | Management unit for the establishment and maintenance suppliers of production line machinery | 1 | 662 | 1.0 | 91.3% |
OT security management and protection | Networked measuring instruments/equipment maintenance unit | 1 | 383 | 1.0 | 96.5% |
Defenses against social engineering | Employees who fail phishing tests | 1 | 159 | 1.0 | 83.2% |
Information security general knowledge courses I & II | IDL | 1 | 4,069 | 0.5 | 83.8% |