Target and Scope
Target: employees, suppliers, customers and operation-related information software and hardware equipment

Scope: To ensure cyber security of PharmaEngine, related regulatory systems, applied technologies, and data security criteria are defined and included as part of the management operation system in order to protect the privacy of employees, suppliers, and customers and maintain information security during business contact.
Cyber Security Risk Management Framework
  • The Cyber Security Risk Management Taskforce was formed and convened by the President & CEO in 2022. The Taskforce includes functional teams such as Document Management Team, Incident Response Team, Continuous Operation Team, Internal Audit Team and Risk Assessment Team.

  • The Cyber Security Risk Management Taskforce is responsible for defining the cyber security management policy and periodically reflecting upon and modifying it.

  • Meetings are held periodically to discuss the implementation and target achievements to ensure the operation is effective.

  • ★We set up a Cyber Security Manager in April 2023. The manager is responsible for promoting cyber security policies and targets, coordinating resource allocation on cyber security and monitoring safety measure implementation.

Policy
  1. Ensures PharmaEngine's operation is ongoing and the information technology service provided by us is stable.
  2. Ensures the confidentiality, integrity, and usability of the information assets in the custody of PharmaEngine and protects the privacy of staff data.
  3. Constructs information security risk assessment and operating plans, executes cyber security enhancement activities that abide with related regulations and laws.
Cyber Security Certificate
PharmaEngine began introducing ISO27001 International Standard for Information Security (ISIM) and obtained certification in January 2023
Effective: 2023-01-30 to 2025-10-31