Sustainable Risk Control
Risk Management

OUCC places great emphasis on risk management. In addition to day-to-day information security and defense against hacker attacks, the company has factored in geopolitical risks and has moved all data to the cloud data center as a countermeasure.

For critical operational issues and risks, we conduct systematic evaluations and analyses. We implement relevant management systems, develop well-defined risk strategies and actions, and integrate them with sound operational management practices. This ensures the balance between business operations and risks, establishing a solid foundation for sustainable business practices.



 
Task Force on Climate-related Financial Disclosures (TCFD)

To transparently disclose climate change-related risks and opportunities, and to ensure that stakeholders understand OUCC’s efforts and strategies in addressing climate change, OUCC adopts the “Recommendations of the Task Force on Climate-Related Financial Disclosure (TCFD)” framework. Through the framework's four major areas of governance, strategy, risk management, and metrics and targets, OUCC measures and evaluates the impact of climate change, evaluates and discloses the potential business impact of climate change issues on OUCC, and develops countermeasures to reduce the potential impact of climate change risks on our operations while making good use of transitional opportunities.

For more details, please refer to our 2024 TCFD Report via https://www.oucc.com.tw/tcfd

Task Force on Climate-related Financial Disclosures (TCFD) comparison table
 
 

OUCC Material Climate Risk & Chance Matrix

 
Physical Risks Matrix

 
Transitional Risk Matrix
 
Business Integrity

To implement honest management and eliminate improper business practices, OUCC has formulated the "Best Practice Principles of Ethical Corporate Management" and "Code of Ethics" and provides regular education and publicity to regulate the business behavior of Directors, Managers, and employees. In 2024, 339 employees participated in 181.5 hours of training.

We require Directors and senior management to issue a statement of compliance with the integrity management policy. Directors, Managers, and employees are prohibited from directly or indirectly providing, promising, requesting, or accepting any improper benefits, engaging in dishonest acts that violate integrity, or breaching fiduciary obligations while conducting business.

The preceding policies and provisions are published on the company website to communicate them to relevant stakeholders. OUCC takes punitive action against any violation of the preceding provisions in accordance with the law. We also provide multiple communication channels with confidentiality safeguards. Any violation of the integrity management regulations will be disciplined strictly.



Sound Internal Control System

The internal control system of OUCC, designed by the managers and approved by the Board of Directors, is implemented by the Board, the management, and other employees to ensure sound management and the achievement of objectives.



Internal Audit

Effective operation of the internal control system is ensured by an independent audit department directly responsible to the Board of Directors. In addition to regular business audit reports to the Audit Committee, the audit officer also reports at the Board of Directors meetings. 
OUCC attaches importance to ESG, internal control, and internal audit issues. The 2024 audit plan included reviews of corporate governance, financial operations, environmental and labor safety, information, R&D and other related operations, which were conducted to ensure that the company's operations and information disclosure met the expectations of all stakeholders.
In compliance with the requirements of TWSE, OUCC established the preparation and assurance procedures for the sustainability report in November 2024 to manage sustainability information and has arranged to formally incorporate the review of sustainability information into internal audit projects starting from 2025 to enhance the reliability and transparency of OUCC's sustainability information.



Information Security Risk Management

To safeguard operational continuity, information security, and related assets from the impact of unacceptable risks, OUCC has undertaken a cloudification project and moved its databases to Amazon Web Services (AWS), whose cloud service indicator reaches 99.99999999. Furthermore, OUCC’s IT security organization periodically assesses IT security risks and adopts countermeasures accordingly. (AWS ISO 27001 Certification)

1. IT Security Organization

For the "IT Security Management Organization," OUCC plans to appoint an IT security chief as the information security management representative to supervise information security, and a staff member for information policy implementation.

Starting from 2025, OUCC conducts an "Information Security Risk Assessment" every year. Information security personnel will perform vulnerability scans based on the company's information security to obtain information security risk assessment reports. In addition, adjustments to the information security structure will be reported at the meeting, followed by explanation and discussion, and then by execution of the subsequent improvement projects.

 

2. Management Approach

OUCC’s risk transfer and contingency strategies include management mechanisms such as risk assessment, risk transfer, emergency response and maintenance audit to secure proper operation of the information system.

 

3. Action Program

OUCC has established offsite redundancy and data backup mechanisms based on the risk level of the information system to ensure uninterrupted service. In 2024, the data center migration to Amazon Cloud (AWS) was completed, using its 99.9% SLA security mechanism to improve data center security, effectively reduce the risk of interruptions caused by natural disasters, human negligence or hacker attacks, and ensure that the expected system recovery goals are achieved.
In addition, information management methods are set up to establish a secure environment for information systems. However, even when multiple information security protection measures are adopted, the risk of third-party attacks cannot be completely eliminated. Therefore, the company continues to strengthen information security education and awareness promotion and is gradually introducing a zero-trust architecture in response to new hacker attack methods. In 2024, two-factor authentication (MFA) was fully promoted to enhance account security; a privileged account management system was also introduced to control the high-authority accounts of information personnel and external suppliers, prevent information security threats, and continuously improve overall information security protection capabilities.


 
Managing Employees’ Privately Owned PCs
    

The following measures are being adopted to manage the employees’ privately owned computers in the workplace:

  • Controlling devices’ unauthorized access to the company intranet (802.1X)
  • Setting different policies and rules according to different management rules
  • Assigning the end equipment to designated VLAN based on the identity of the user
  • Supporting management of switches from different vendors
  • Using a unified management interface to simplify IT work
  • Identifying and monitoring the connected devices in the company and their status instantly
  • Creating audit logs of the company intranet

   
 
Managing Privileged Accounts

To prevent data breaches disguised as legitimate actions, OUCC uses a Privileged Access Management (PAM) system to guard against credential theft and the threats caused by privilege abuse.
To manage the user accounts of the system, random one-time passwords are generated and become invalid upon the completion of each task, to prevent or reduce the risk of lost or hacked passwords.

   
 
Cloud Server

OUCC promoted the data center cloudification project in Q1/2024 to head towards Green IT and achieve the goal of ESG net zero carbon reduction. The data center cloudification project plan is as follows:

  1. Only network information and communication equipment remain in the Taipei and Kaohsiung data centers.
  2. All servers in the original data centers are moved to the cloud.
Effects:
  • The space of the IT hub could be reused
  • Achieve the ESG net-zero carbon emission target
  • Resources may be swiftly adjusted at the cloud according to needs

» The (green) power cost of the self-built hub is about NT$1.65 million per year, and the estimated (green) power cost after cloudification is NT$0.65 million per year.
» With cloud services, purchasing physical equipment is no longer required, and capacity can be quickly expanded or removed according to needs, which saves cost.
» Pricing is based on actual usage, which offers more flexibility.

 
Post-cloudification Security Enhancement Plans