CHLITINA Holding Limited

To ensure the company’s information security and the high availability of its systems, the company has been continuously investing in information security over the past few years. It has established an Information Security Management Team and, in accordance with the National Cyber Security Level Assessment (S3A3) requirements, has developed an Information Security Management System and Information Security Management Practical Rules. The Information Department and the Audit Department regularly inspect and audit the implementation of various information security-related measures to minimize the risk of information security incidents.

Organizational aspects of the information security management system

Cybersecurity and Data Protection Policy

In response to the dynamic nature of our business operations and diversified transaction models, we strictly adhere to Taiwan’s Personal Data Protection Act, and to China’s Data Security Law and Information Security Classified Protection 2.0 Standards. To enhance information security, prevent data breaches, and mitigate transaction risks, we have reinforced protections across our proprietary systems—“Chlitina Store Management System” and “Chlitina Portal System”—through the following measures:
-Optimization of Access Control: Restricted permissions for sensitive data access;
-Introduction of an Audit Log System: Real-time monitoring and recording of operational activities;
-Implementation of a Security Platform: Advanced defense mechanisms to minimize cybersecurity risks.
These upgrades significantly reduce risks of customer data exposure and transaction vulnerabilities while ensuring stable, secure, and compliant digital operations.

Specific management plans

The Company controls cyber security in four aspects:

Platforms

Integrate all important systems into the cloud, learn and use the latest cloud technologies, conduct off-site backup of cloud systems, and implement SaaS security protection.

Tools

Install a security posture awareness system, control the authorization of network access by terminal equipment, pre-check for and isolate risks, and set security lines for network access by terminal equipment to reduce security concerns.

Data

Establish a password management system and perform structured data management (various types of databases), and non-structured data management (file servers).

Network

Integrate the Group’s networks, wireless and network access authorization (including mobile terminals), and the Group’s monitoring equipment.

To secure the Company’s data assets and ensure business continuity, the Company has upgraded hardware and software related to cyber security, data backup, and network access in the last three years. We have conducted measurement and quantitative analysis of information security indicators based on audit results and performed information security assessment through regular information security simulation drills to ensure the continuous effectiveness of information security measures.

Implementation status in 2024

Information Security Team: Chlitina has assigned five professional cybersecurity personnel responsible for information security management and risk prevention, ensuring the effective implementation of security policies and the stable operation of systems.
Network and System Security Investment: The company invested NT$2.15 million in cybersecurity software and hardware upgrades, system maintenance, and optimization, effectively reducing potential risks.
Information Security Audit Mechanism: Regular internal and external audits are conducted to comprehensively review information security policies and protective measures, ensuring continuous compliance with the latest standards and regulatory requirements.
Cybersecurity Training and Awareness: Awareness activities and tests are held periodically to strengthen employees’ information security awareness and risk response capabilities, preventing human-related security incidents.
Cloud Backup and Recovery Testing: At least one cloud backup and restoration test is carried out annually to ensure the effectiveness of backup systems and validate data recovery capabilities in emergencies, thereby safeguarding business continuity.
Chlitina Store Management System Certification: The system has obtained Cybersecurity Classified Protection certification, complying with national cybersecurity compliance standards.
Chlitina Portal System Certification: The system has obtained Cybersecurity Classified Protection certification, complying with national cybersecurity compliance standards.
Application System Risk Scanning and Penetration Testing: Automated risk scans and penetration tests are conducted periodically to simulate real-world attack scenarios, comprehensively identify potential vulnerabilities, enable timely fixes, and further reduce the risk of system intrusion.
Private Cloud Platform Optimization: The private cloud architecture has been upgraded and optimized to enhance resource utilization efficiency and overall system performance.

Performance Results

Statistics on the number of information security incidents and violations over the past four years:

Number of security incidents and fines per year	2021	2022	2023	2024
Number of security or network security incidents	0	0	0	0
Number of data breach incidents	0	0	0	0
Number of security incidents involving customer personal data	0	0	0	0
Number of customers and employees affected by incidents or data breaches	0	0	0	0
Amount of fines for information security or network security related incidents	0	0	0	0

Swipe to view the complete table

Number of security or network security incidents	2021	2022	2023	2024
Number of data breach incidents	0	0	0	0
Number of data breach incidents	0	0	0	0
Number of security incidents involving customer personal data	0	0	0	0
Number of customers and employees affected by incidents or data breaches	0	0	0	0
Amount of fines for information security or network security related incidents	0	0	0	0