Bright Future Homeland Security Co., Ltd. (hereinafter referred to as "the Company") is committed to maintaining information security to ensure that all data is adequately protected during storage, processing, transmission, and disclosure processes, in order to prevent potential damage, theft, leaks, alterations, misuse, and infringements. In order to fulfill this commitment, the Company hereby declares the adoption of the following relevant information security measures:
 
  1. Information Security Organization: The Company has established a dedicated information security organization responsible for supervising and implementing information security management systems and providing necessary resources based on internal and external issues and the requirements of stakeholders regarding information security.
  2. Management Support: The Company's management commits to continuously improving the information security system to mitigate the potential impact of information security incidents.
  3. Document and Record Management: The Company establishes information security document and record management systems to ensure the timely updating and protection of system documents and operational records.
  4. Protection of Information Assets: All personnel, outsourced service providers, and related individuals are required to protect the information assets they own, manage, or use to prevent unauthorized access, alterations, destruction, or improper disclosure.
  5. Clear Division of Responsibilities: The Company categorizes all personnel according to their responsibilities to prevent unauthorized modifications or misuse of information or services.
  6. Outsourcing Requirements: Outsourced service providers and related individuals are required to comply with the Company's information security policies and relevant standards.
  7. Business Continuity Planning: To ensure the continuous operation of the Company's information systems or operations, outsourced service providers are required to cooperate in conducting drills for business continuity planning.
  8. Performance Measurement: Regular measurement of information security indicators to assess the effectiveness of information security management systems and control procedures.
  9. Workspace Security: Implementation of security control mechanisms to prevent accidental or deliberate theft or damage to information assets in workspaces.
  10. Communication Security Management: Implementation of secure communication operation management to maintain the security of data transmission and communication.
  11. Control Process Development: Development of Control Processes follows the Company's information security policies and relevant standards.
  12. Security Incident Reporting: All Company personnel are required to remain vigilant regarding potential security incidents, vulnerabilities, and violations of information security policies, and report them according to established procedures.
  13. Legal Compliance and Auditing: The Company complies with the requirements of relevant internal and external laws and regulations, establishes corresponding control procedures, and conducts regular information security audits to ensure the continuous effective operation of information security management systems.
  14. Mobile Device Management: The Company implements policies and support measures for the use of mobile devices to manage associated risks.

This statement aims to emphasize the importance of information security and requires Company employees and relevant stakeholders to fully understand and comply with the information security statement to ensure the Company's information security.