Sustainable Risk Control
Risk Management

OUCC places great emphasis on risk management. In addition to the daily information security, defense of hacker attack, the company has incorporated the geopolitical risks and had removed all the data to the cloud data center as a countermeasure.

For critical operational issues and risks, we conduct systematic evaluations and analyses. We implement relevant management systems, develop well-defined risk strategies and actions, and integrate them with sound operational management practices. This ensures the balance between business operations and risks, establishing a solid foundation for sustainable business practices.

Sustainable Risk Control


 
Task Force on -
Climate related Financial Disclosures (TCFD)

To transparently disclose climate change-related risks and opportunities, and to ensure that stakeholders understand OUCC's efforts and strategies in addressing climate change.
OUCC adopted the "Recommendations of the Task Force on Climate-Related Financial Disclosure (TCFD)" framework in 2023 to measure and evaluate the impact of climate change through the four major frameworks of governance,

strategy, risk management, and metrics and targets, evaluate and disclose the potential business impact of climate change issues on OUCC, and develop countermeasures to reduce the potential impact of climate change risks on our operations.

Task Force on Climate-related Financial Disclosures (TCFD) comparison table
 
Sustainable Risk Control
Sustainable Risk Control
 

OUCC Material Climate Risk Matrix

 
Physical Risks Matrix
Sustainable Risk Control

 
Trasitional Risk Matrix
Sustainable Risk Control
 
Business Integrity

To implement the integrate management and eliminate improper business practices, the OUCC has formulated the "Best Practice Principles of Ethical Corporate Management" and "Code of Ethics" and provided regular education and publicity to regulate the business conduct of Directors, Managers, and employees. In 2023, 396 employees participated in 354 hours of training.

We require Directors and senior management to issue a statement of compliance with the integrity management policy. It stipulates that Directors, Managers, and employees shall not directly or indirectly provide, promise, request, or accept any improper benefits, engage in dishonest acts that violate integrity, or breach fiduciary obligations while engaging in business conduct.

The preceding policies and provisions are published on the company website to communicate and publicize to relevant stakeholders. OUCC shall issue punitive actions for any violation of the preceding provisions according to law. We also provide multiple communication channels. If there is a violation of the integrity management regulations, the illegal behavior can be reported through the appropriate channels, which will be handled confidentially.


Sustainable Risk Control

Sound Internal Control System

Designed by the managers and approved by the Board of Directors, the internal control system of the OUCC is to be implemented by the Board, the management, and other employees and is designed to provide sound management and to achieve objectives of the internal control system.


Sustainable Risk Control

Internal Audit

Effective operation of the internal control system is ensured by an independent audit department which is subordinate to the Board of Directors. In addition to regular business audit reports to the Audit Committee, the audit officer also reports at the Board of Directors meetings. 
OUCC places high value on ESG related issues, internal control, and the internal audit. The 2023 audit plan included reviews on corporate governance, financial operations, environmental and labor safety, as well as information, R&D and other related operations, which were conducted to ensure the company operations and information disclosure met with the expectations of all the stakeholders.


Sustainable Risk Control

Information Security Risk Management

To safeguard the information from the impact of unendurable risks, OUCC adopts the cloud data center offer from AWS, through migrating databases of the company to the cloud data center of Amazon Web Services (AWS), which service indicator topped 99.99999999, ensuring the sustainable operation of the company and the security of customer information.

1.IT Security Organization 

For the "IT Security Management Organization," OUCC has set up an IT security manager as an information security management representative to supervise information security, and a IT personnel accountable for IT policy implementation.

Sustainable Risk Control
 

2.Management Approach

OUCC’s risk transfer and contingency strategies include management mechanisms such as risk assessment, risk transfer, emergency response and maintenance audit to secure proper operation of the information system.

Sustainable Risk Control
 

3.Action Plans

In 2023, we implemented the two-tier authentication mechanism for personnel external login for business purposes, and introduced the GoTrust password-free zero-trust system coupled with the access gateway device (vAPV) of Array Network (3664.TWO) used as the access portal, to provide reverse proxy technology with mechanisms such as loading balance and attack prevention of service interception, allowing the front-end users to log in without password through their mobile phone or GoTrust security key (Idem Key), highly reducing the security loopholes (phishing and social attacks) of traditional password systems, and providing also the hiding and protection functions for the back-end RP application system. For relevant business information security, we also introduced SSL certificates to establish a standard specification for a password link between the website server (host) and the website browser (client), so that clients’ and internal information can be secured and without being monitored.

Sustainable Risk Control

 
Management of Employees’ Privately Owned PCs
    

The following measures are adopted to manage the employees’ privately owned computers at workplace:

  • Controlling devices' unauthorized access to the company intranet (802.1X)
  • Setting different policies and rules according to different management rules
  • Assigning the end equipment to designated VLAN based on the identity of the user
  • Supporting the management with switches of different vendors
  • Using unified management interface to simplify IT work
  • Identifying and monitoring the connected devices in the company and their status instantly
  • Creating audit logs of the company intranet

   
 
Management of Privileged Accounts

To prevent data breach disguised as legitimate actions, OUCC uses a Privilege Access Management (PAM) system to avoid credential theft and the threats caused by privilege abuse.
To manage the user accounts of the system, the random one-time passwords are generated, and become invalid upon the completion of each task to prevent or reduce the risk of lost or hacked passwords.

   
 
Future Planning: Cloud Server

With Green IT as the ESG ultimate goal to net-zero emission, the Data Center Cloudification Project in 2023 was scheduled as follows:

  1. Only network equipment remained at the IT hubs in Taipei and Kaohsiung.
  2. All servers in the original IT hubs were transferred to the Cloud.
Note: The total of electricity cost from self-purchased green energy: before transfer was NT$3.8 million, after transfer was NT$1.36 million.

 

Sustainable Risk Control
Effects:
  • The space of the IT hub could be reused
  • Achieve the ESG net-zero emission target
  • Resources may be swiftly adjusted at the cloud according to needs

» Cloud service offers the purposes of no equipment procurement, easy expansion or removal by demand, cost effective and quick introduction.
» Cost is charged based on the amount of usage with more flexibility. 

 
 
Future Planning: Cloud Server
Sustainable Risk Control       
 
Stakeholders Contactors
SHE Contactors