Our company has set out its philosophy, direction, and ambition for its products and services in an Information Security Policy, with the aspiration to:
- Establish a robust information security system
- Strengthen a resilient cybersecurity environment
- Cultivate the team's information security capabilities
- Deliver high-quality products and services

Our ultimate goal is to achieve 100% information security.

Scope
- Information security management, based on ISO/IEC 27001:2022, encompasses four categories of control measures: organizational, personnel, physical environment, and technical controls. These measures aim to prevent incidents such as improper use, leakage, tampering, or destruction of data caused by human error, malicious intent, or natural disasters, thereby mitigating potential risks and damage to the company.

Information Security Objectives
- The company's objectives are established by relevant departments in accordance with the requirements of the information security policy. These objectives are quantified with performance indicators, formally approved, publicly announced, and periodically reviewed for achievement.
- The objectives to be achieved by the company’s Information Security Management System (ISMS) are handled in accordance with the “Information Security Objective Setting Form” and documented in the “Information Security Objective Review Form.”

Establishment, Maintenance, Implementation, Documentation, and Management of the ISMS
- Appropriate information security control objectives and measures have been selected and evaluated for feasibility and effectiveness.
- All internal staff, external personnel, and third-party on-site personnel must comply with the company’s information security policies, objectives, operational procedures, internal regulations, and applicable laws and regulations.
- If a third-party vendor needs to subcontract services while executing outsourced tasks for the company, the associated security risks must be assessed. The vendor must ensure proper supervision and management of the subcontractor in accordance with ISMS-related requirements.
- For both internal and external project management processes, information security requirements have been clearly defined. Risk assessment results have been used to determine and implement appropriate security control measures to ensure the confidentiality, integrity, and availability of project information, and to reduce the risks of sensitive information leakage and legal violations.
- The company has determined and established internal and external communication needs and protocols related to the ISMS. This includes: what to communicate, when, with whom, by whom, and through which process—ensuring appropriate communication and dissemination of ISMS-related activities for effective implementation and management.
- To ensure all personnel have the capability to perform assigned duties and comply with security requirements, appropriate education and training opportunities have been provided through various channels.
- Documents required by the ISMS have been protected and controlled. Records, as a special type of document, have been managed in accordance with defined requirements. A documented procedure has been established to define necessary control measures.
- To demonstrate compliance with company requirements and provide evidence of effective ISMS operation, records of all relevant ISMS procedures have been established, maintained, and controlled, taking legal, regulatory, and contractual obligations into consideration.
- Through security policies, objectives, internal and external audits, incident monitoring, corrective and preventive actions, and management reviews, designated security personnel shall be responsible for monitoring all risks and nonconformities, and for tracking improvements made by responsible units, in order to continually enhance ISMS effectiveness.
- The company has implemented appropriate control measures to reduce nonconformities during the establishment, operation, and use of the ISMS, and to prevent their recurrence.
- Preventive measures have been taken to reduce the likelihood of potential nonconformities. These measures should aim to mitigate the impact of potential problems before they occur.
- The information security management plan has been revised in a timely manner based on monitoring and audit results, ensuring alignment with the company’s security policies, objectives, and overall information security requirements.