Information Security Policy

Ultrontek Information Security Policy

Information Security Policy Announcement

Statement and Commitment

Ultrontek co., Ltd is committed to maintaining the highest standards of information asset protection. This Information Security Policy Statement serves as the guiding framework for implementing and maintaining our Information Security Management System (ISMS), ensuring the confidentiality, integrity, and availability (CIA) of all critical information systems.

This policy provides clear principles for all employees, who share the responsibility of safeguarding the company’s information, systems, equipment, and network. Our goal is to achieve continuous and secure business operations.

Core Policy Principles: The Three Pillars of Information Security

Our ISMS framework is built upon three core principles that serve as the foundation of our corporate information security governance:

  1. Monitor Security Risks and Implement Countermeasures
  2. Enhance Security Awareness and Ensure Business Continuity
  3. Strengthen Network Protection and Safeguard Privacy

Implementation Strategies and Details

1. Monitor Security Risks and Implement Countermeasures

We adopt a proactive approach to risk management, ensuring that our information assets remain effectively protected.

  • Regular Risk Assessments:
    Conduct systematic and periodic risk assessments to identify, evaluate, and quantify potential information security threats.
  • Control Measures Deployment:
    Based on assessment results, appropriate controls—including technical, physical, organizational, and personnel measures—are implemented to mitigate and manage risks.

2. Enhance Security Awareness and Ensure Business Continuity

Information security is a shared responsibility. Through continuous education and preparedness programs, we ensure operational stability and resilience.

  • Security Education and Training:
    Conduct annual, tiered security awareness programs to reinforce the mindset of “Information Security is Everyone’s Responsibility” and strengthen staff’s awareness and incident response capabilities.
  • Emergency and Recovery Planning:
    Develop Emergency Response Plans (ERP) and Disaster Recovery Plans (DRP) for critical business functions and information assets.
  • Regular Drills:
    Perform regular simulations and response drills to ensure rapid recovery of key business operations in the event of system failures or major incidents, minimizing potential losses.

3. Strengthen Network Protection and Safeguard Privacy

A. Network and System Security

  • Infrastructure Protection:
    Maintain a robust cybersecurity infrastructure to protect company websites, applications, and network resources from unauthorized access, attacks, and damage.
  • Employee Security Standards:
    All employees must comply with security guidelines, including using strong passwords, multi-factor authentication (MFA), and secure browsing practices.
  • Vulnerability Management:
    Conduct regular Windows Defender updates and vulnerability scans to promptly identify and patch potential security weaknesses.

B. Personal Data and Privacy Commitment

We are committed to protecting all users’ personal data in compliance with relevant data protection and privacy regulations.

  • Lawful, Fair, and Transparent Processing:
    Handle user data with the highest standards of legality, fairness, and transparency.
  • Data Minimization and Transparency:
    • The company’s website uses Google Analytics solely for traffic analysis and performance optimization.
    • HubSpot is used only for subscription forms and business communication purposes.
    • Data collected through these platforms strictly follows the data minimization principle, gathering only information necessary for analytics and service provision.
  • User Right to Know:
    We ensure that users are fully informed about:
    • The specific purposes for which their data is collected.
    • Whether data may be shared (in compliance) with third parties such as Google or HubSpot.
    • The measures we take to protect their data security.

Google data privacy and security >
HubSpot privacy policy>

Policy Review and Continuous Improvement

This Information Security Policy Statement represents an ongoing commitment by Ultrontek co., Ltd. We will periodically review and update this policy to address evolving cybersecurity threats and technological advancements.

Issued by:
Ultrontek Information Security Management Committee
Ultrontek co., Ltd.
Date of Issue: September 1, 2025

Back