I. Purpose
To establish a secure, reliable, and sustainable information operating environment, LuxNet Corporation (hereinafter referred to as "the Company") has established this Information Security Policy. This policy serves as the foundation for information security management and continuous improvement, ensuring the Confidentiality, Integrity, and Availability (CIA) of the Company's information assets, maintaining regulatory compliance, and supporting business growth and service quality.
II. Scope
Personnel: This policy applies to all full-time employees, contract staff, interns, outsourced service providers, vendors, and any other personnel who access the Company’s information, systems, equipment, networks, or documents for business purposes.
Assets & Operations: This policy covers all internal information processing operations, as well as the collection, processing, transmission, storage, and protection of data involving the Company’s information systems, network equipment, cloud services, and websites.
III. Policy Statement
The Company’s information security management shall be aligned with the ISO/IEC 27001 framework, integrating risk-based management, regulatory compliance, segregation of duties, and continuous improvement mechanisms to ensure the effectiveness of the Information Security Management System (ISMS).
The Company declares that "Information Security is Everyone's Responsibility." All personnel who interact with corporate information assets, systems, and services are responsible for maintaining information security.
IV. Information Security Objectives
Asset Protection: Safeguard the Company's information hardware infrastructure and intellectual property.
Confidentiality: Prevent the leakage of operational data and business secrets.
Availability & Resilience: Ensure the stable operation of information systems and minimize the risk of service disruption or damage.
Awareness: Strengthen information security awareness and accountability among all employees, integrating security requirements into daily operations.
Compliance: Adhere to personal data protection laws, trade secret laws, and all other relevant statutory regulations.
V. Commitments and Management Requirements
Infrastructure & IP Security: The Company commits to establishing a comprehensive asset management system—including inventory, labeling, usage, and disposal protocols for hardware, systems, and storage media—applying physical and technical safeguards to protect hardware and intellectual property.
Data Breach Prevention: The Company commits to implementing data classification and access controls based on the Principle of Least Privilege. Necessary encryption and confidentiality measures shall be enforced to prevent the unauthorized disclosure of operational and business secrets.
System Stability & Continuity: The Company commits to establishing robust system maintenance, backup and recovery, incident reporting, and emergency response mechanisms. Change management and maintenance tasks will be strictly governed to minimize disruption risks.
Education & Accountability: The Company commits to defining clear security responsibilities for all personnel. Regular security awareness programs and training will be conducted to ensure that security requirements are ingrained in daily workflows.
Legal & Regulatory Compliance: The Company commits to complying with the Personal Data Protection Act, Trade Secret Act, and other relevant laws. Management standards will be updated regularly through inspections, audits, and improvement cycles to ensure ongoing compliance with legal and corporate requirements.
VI. Review and Continuous Improvement
This policy shall be reviewed periodically and updated as necessary in response to business developments, legislative changes, technological advancements, and the evolving threat landscape to ensure the continued suitability and effectiveness of the ISMS.
This policy, and any subsequent amendments, shall take effect upon official approval and shall be communicated to all employees and relevant third parties through appropriate channels.

