Financial Risk Management

WNC’s business focuses on R&D, manufacturing, and product sales. The company does not engage in high-risk or highly leveraged investment activities. WNC invests funds only after considerable risk assessment and regularly monitors changes in bank lending rates. Approximately 98.44% of WNC’s revenue was from export sales, and most of the export sales amounts are quoted in U.S. dollars. Most of the material purchasing amounts are also quoted in U.S. dollars. Therefore, the majority of our foreign currency operating exposure can be offset through our frequent purchasing and selling. For remaining situations involving foreign currency operating exposure, the foreign currency is converted to NT dollars depending on liquidity needs and market conditions. WNC’s action plans to cope with the impact of changes in interest rates, exchange rates, and inflation are:

Business Risk Management

WNC complies with government decrees and regulations and adjusts its internal policies in accordance with changes in laws, thus ensuring the lawfulness of WNC’s operations. Regarding the Company’s operating status, in addition to regularly holding shareholders’ meetings and institutional investor conferences, the Company produces financial reports and sustainability reports to increase the transparency of company information. It also actively invests in green product design and participates in social welfare activities in order to meet its social responsibilities. To better secure customers’ and shareholders’ rights and react in a timely manner to the rapidly changing communications industry, WNC, while targeting overall sustainable development, performs risk and efficiency assessments when introducing new materials, new technologies, and new equipment so as to enhance the total value of products through the most competitive quality, development speed, and cost. With strict control of expenses, operational costs and risk can also be well managed.

Business Continuity Management

WNC aims to ensure quick recovery of operations through rapid response to incidents. This is essential to ensure employee safety, prevent disruption to business operations, and to reduce the impact and loss that these incidents may cause to the environment, to WNC, or to our customers. WNC has therefore established a Significant Environmental Aspect Identification and Management Procedure, a Hazard Identification and Risk Assessment Management Procedure, a Contingency Plan Control Procedure, and a Business Continuity Plan based on major disaster scenarios. In 2023, no casualties or property losses caused by natural disasters or man-made disasters (including terrorist attacks or labor disputes, etc.) occurred at WNC headquarters or other sites.

Information Security

WNC strictly complies with the content and confidentiality commitment set forth in customer contracts. In order to implement the management of confidential information, WNC has established an Information Security Policy and an ISO/IEC 27001 information security management system and obtained external certifications. WNC (Taiwan), WNC’s sites in China and Vietnam, and US and UK subsidiaries have all completed certification, covering 75% of all locations. This ensures the confidentiality, integrity and availability of all information. Since the release of ISO 27001:2022, WNC has been working with external consulting agencies to achieve compliance with this new version and expects to obtain certification in September 2024.

Information Security Committee

WNC established an Information Security Committee in 2014, composed of top-tier supervisors of each unit, chaired by the President and CEO, and convened by the Chief Information Security Officer (the top-tier supervisor of the Digital Information Management Division). A management review meeting is held every six months. The Committee is responsible for formulating and promoting internal information protection measures, including risk assessment, operational impact analysis, drills of disaster recovery plans, user account permissions review, firewall rules reviews, information security promotion and training, vulnerability scanning, penetration testing, management meetings, and ad hoc social engineering drills. The function teams under the Committee are the Information Security Implementation Team, Emergency Response Team and Information Security Audit Team. The teams are led by the Chief Information Security Officer.

Information Security Management System

WNC’s information security management measures can be divided into external and internal security management. Externally, firewalls and threat defense systems have been implemented in order to prevent viruses and external hackers from accessing networks. WNC assesses suppliers’ security environments and control mechanisms through information security questionnaires and strengthens the mechanism for inspecting customer and supplier personnel or equipment entering the factory. Internally, in response to the requirements of the new version of ISO/IEC 27001: 2022, WNC is conducting a thorough review of existing management, technical, and physical control mechanisms, re-evaluating and identifying the correlation between key core systems and business operations, and reinforcing and implementing control over the overall information/security environment of the enterprise. This is aimed at facilitating compliance, conformity, and adequacy with the new version requirements, thus enhancing the overall information architecture and data security framework protection. In 2023, WNC had no record of any lawsuits related to violations of confidential customer information, and no complaints were received.

Key Information Security Work Items in 2023 and 2024

Year: 2023
  • Nurture “blue team” information security talent
  • Passed ISO/SAE 21434:2021 - Road Vehicles - Cybersecurity Engineering (ISO/SAE 21434)
  • Obtained TISAX (Trusted Information Security Assessment Exchange)
  • Introduced IEC 62443-4-1 Product Security Management System

Year: 2024
  • Continue to strengthen the structure of WNC's information security protection networks
  • Strengthen “blue team” information security talent
  • Expand the scope of application of CISRT & PISRT teams and response mechanisms
  • Expand the scope of application of the information security operations center (SOC)
  • Pass IEC 62443-4-1 Product Security Management System verification
  • Red/blue team assessment

Risk Identification

WNC conducts risk assessment operations every six months. Each WNC location proposes risk issues and conducts risk assessments. If the result of the risk assessment exceeds the acceptable risk level, each location identifies and implements risk response measures and proposes improvement or enhancement solutions. For example, WNC may introduce an Instant Messaging (IM) software control solution to reduce the risk of confidential data leakage through instant messaging software in response to customer collaborative requirements. Risk assessment results are reported at the management review meeting of the Information Security Committee. Based on the risk assessment report, the Information Security Committee determines the acceptable level of risk at the company level, which serves as the basis for continuous improvement and control.

Training Courses

Information Security Training Courses in 2023

| Course Name | Participants | No. of times course was held | Total instances of attendance | Training hours | Completion rate |
|---|---|---|---|---|---|
| Information security policies and regulations promotion | New employees | 1 | 332 | 0.5 | 87.8% |
| Supply chain information security risks management | Management unit for the establishment and maintenance suppliers of production line machinery | 1 | 662 | 1.0 | 91.3% |
| OT security management and protection | Networked measuring instruments/equipment maintenance unit | 1 | 383 | 1.0 | 96.5% |
| Defenses against social engineering | Employees who fail phishing tests | 1 | 159 | 1.0 | 83.2% |
| Information security general knowledge courses I & II | IDL | 1 | 4,069 | 0.5 | 83.8% |