(2) Specific Management Plan

• Information Security Management: Protect the company from damage or threats by ensuring the security of data, networks, systems, and equipment, reducing environmental risks, and providing a secure and reliable operational environment.
• Information Security Organization: Oversee the implementation of information security management, establish the company's information security development direction, strategies, and steps, and enhance operational security.
• Information Asset Management: Establish procedures for the disposal of information assets and implement corresponding data deletion or destruction procedures to prevent leakage of business or personal data, thus ensuring the protection of the company's information assets.
• Access Control: Develop access control policies to ensure that access to company information is appropriately authorized and managed, preventing unauthorized access and safeguarding the confidentiality of company information.
• Computer Information Control: Maintain the effective operation of computer information systems, including servers, application software, and information systems, and establish relevant control procedures for company employees.
• Software Validation and Control: Regularly perform re-validation procedures for software systems, or conduct re-validation within a specified timeframe following modifications or updates to the original system by the manufacturer.
• Physical and Environmental Security: Manage the physical environment of the company's office areas and data centers, and establish corresponding control procedures to protect information assets and surrounding environments. This aims to reduce risks associated with environmental security issues and achieve effective security control.
• Information Security Incidents: When an information security event or incident occurs within the company's information systems, promptly assess the situation, take necessary response actions, and implement subsequent preventive measures. Establish a comprehensive reporting and handling procedure for such incidents.
• Business Continuity Management: Assess the operational risks associated with potential disruptions to information system facilities and develop contingency or recovery plans. Regularly conduct drills to ensure preparedness.
• Legal Compliance: The company and its employees must adhere to all relevant information security laws, regulations, and contractual obligations, as well as the company's information security policies and requirements.

(3) Information Security Resource Allocation

For critical information security tasks such as operating system or important software upgrades and disaster recovery drills, the Information Security Office regularly reviews and plans their progress. The office promotes information security awareness through company meetings or emails. Additionally, it performs irregular engineering drills and security health checks to assess users' security awareness, identify potential vulnerabilities in information equipment and system configurations, and allocate the information security budget for necessary actions.

(4) Emergency Notification Procedure

When an information security incident occurs, the affected unit reports it to the Information Security Office. The office assesses the type of incident and identifies the issues, handles the situation promptly, and keeps a record of the incident.

BIOTEQUE CORPORATION 2023 Sustainability Report