Information Security Management Policy

Information Security Management

As a leading IC design company, ITH Corporation has dedicated to advancing display and touch chip design over the years, accumulating numerous technical patents that represent the Company's most valuable assets. Therefore, the management of the Company's information security is of paramount importance. Risks to corporate information security include internal information leaks, external cyberattacks, and even non-human-caused power outages or flooding. To prevent the occurrence of various potential risks, the Company has invested substantial resources in conducting relevant drills, deploying antivirus software, and establishing information confidentiality mechanisms to fully protect the information of the Company and customers and safeguard our core value.

Information Security Management Policy

Policies and Commitments	To establish confidential information protection services that meet customer needs, we conduct regular information security attack drills to assess information security maturity and ensure the appropriateness and effectiveness of our information security regulations and procedures. At the same time, we mitigate corporate information security threats from a systemic, technical, and procedural perspective, establish contingency plans to deal with emergencies, and prevent operational disruptions.
Adjustment Measures	Continuously review and evaluate the Company’s information security regulations and procedures to ensure the effectiveness and appropriateness of information security. Review the applicability of information security policies and protective measures, and regularly report the implementation achievements to the dedicated information protection committee.

Policies and Commitments

To establish confidential information protection services that meet customer needs, we conduct regular information security attack drills to assess information security maturity and ensure the appropriateness and effectiveness of our information security regulations and procedures. At the same time, we mitigate corporate information security threats from a systemic, technical, and procedural perspective, establish contingency plans to deal with emergencies, and prevent operational disruptions.

Adjustment Measures

Continuously review and evaluate the Company’s information security regulations and procedures to ensure the effectiveness and appropriateness of information security.
Review the applicability of information security policies and protective measures, and regularly report the implementation achievements to the dedicated information protection committee.

Positive Opportunities

Introduce advanced solutions to detect, address, and continuously enhance information security protection measures, as well as to safeguard the Company against malware and hacker attacks.
Strengthen network firewalls and controls to prevent viruses and cyberattacks from spreading across machines and facilities, reducing the risk of system damage and downtime.

Negative Risks

Cyberattacks from third parties targeting the computer systems of critical business functions such as manufacturing, operations and accounting could disrupt operations and damage the Company's reputation.
Attacks may expose the Company to potential liabilities, including compensation claims from customers for losses resulting from delayed or disrupted orders. In addition, these incidents could give rise to substantial legal risks, including lawsuits or regulatory investigations stemming from the unauthorized disclosure of confidential information relating to employees, customers, or third parties for whom the Company has confidentiality obligations.

Information Security Management Items

Management Items	Implementation Frequency	Description
Disaster Recovery Drill Plan	Twice annually	Completed in June and December 2025
Social Engineering Drill	Once annually	Test released in May 2025
Customer Data Confidentiality Mechanism	Routine implementation	Encryption system upgraded to fully encrypt all files
System Vulnerability Detection	Twice annually	Implemented in June and August 2025

Resources Invested in Information Security

We continue to invest resources in information security-related sectors, with an investment of NT$2.5 million in 2024. These investments include improving governance and technical infrastructure, strengthening information security defense equipment, conducting incident response and attack/defense drills, providing education and training, comprehensively enhancing information security capabilities, and improving information security protection.

Information Security Resources Invested in 2024

Year	2022	2023	2024
Information Security Incident	0	0	0
Information Leakage Incident	0	0	0

About ITH