Risk Management
Risk Management Organization
The Board of Directors serves as the highest decision-making body for risk management, approving policies and frameworks in line with business strategies and environmental changes to ensure effective risk management. In 2023, Accton established a Risk Management Office to assist in coordinating and implementing the risk management framework. This office is responsible for reviewing and controlling the risk assessments and response actions of various plans and projects initiated by each responsible department.
Information Security Management
I. Implementing Information Security Risk Assessments and Enhancing Information Security Management
Accton has implemented a Plan-Do-Check-Act (PDCA) cycle in its information security management system. Additionally, the “Information Security Incident Reporting Procedures” has been integrated into Accton’s internal risk management system. Quarterly management review meetings are held regularly or when material changes occur in the information operations environment. These meetings independently review information security policies, objectives, procedures, and control measures to prevent potential information security threats and improve information security protection levels, thereby maintaining a consistently high level of service commitment.
II. Reducing Information Security Risks and Strengthening Corporate Digital Resilience
Accton established its Information Security Promotion Committee in 2016 and obtained ISO 27001:2013 certification. In 2024, the company completed the upgrade to the ISO 27001:2022 standard, incorporating enhancements such as cloud service security, threat intelligence management, ICT supply chain security, and information security incident logging. Additionally, Accton completed validation of the continuous effectiveness of its information security policies and controls to ensure the proper operation of its Information Security Management System and to mitigate information security risks. To further strengthen cybersecurity resilience, the ISO 27001:2022 certification scope was expanded to include Accton Zhubei AI Park and Vietnam Accton.
In 2020, Accton established a dedicated information security management organization, the Information Security Department, responsible for network security issues, activities, and threat intelligence within the Group.
Business Continuity Management
Accton has officially obtained the ISO 22301 Business Continuity Management System (BCMS) certification
In order to enhance Accton’s resilience in the face of various operational impacts, we plan contingency measures and recovery plans in advance, so that we can respond to and recover from disruptions in a timely manner, minimize the extent of damage during the disruptions, and ensure the best interests of our stakeholders. Accton has formulated a Business Continuity Management Policy, and has acquired and introduced ISO 22301 Business Continuity management system certification at each key business location.
Two important long-term emerging risks & Mitigating actions
| Emerging Risk 1 | Emerging Risk 2 | |
|---|---|---|
| Geopolitics | Talent Development | |
| Description | Relentless geopolitical upheavals and the global spread of infectious diseases are occurring repeatedly, disrupting the market operations and global trade order that the industry has been accustomed to for years. | With the rapid advancement of industrial technology and the competition among tech industries to recruit professional talents, it has become an underlying concern for the continuous growth of enterprises. Companies need to continuously recruit various professional talents to accelerate the development of knowledge and skills, ensuring long-term opportunities for innovation and business. |
| Impact | 1. Imbalance between supply and demand in the supply chain & production disruptions 2. The supply and demand of key business alliances and partners change unpredictably with international developments 3. Difficulty in obtaining materials increases shipping costs and related expenses |
1. The rapid advancement of knowledge and technology necessitates that talents quickly enhance their adaptability and professional expertise. 2. Professional skills in new fields are difficult to cultivate. 3. Recruiting professional talents in new fields is challenging. |
| Mitigating actions | 1. Reconfigure the supply chain: Strengthen the overall supply chain resilience and flexibility in response to upstream customer demands 2. Adopt the ‘remote backup’ mechanism and establish multi-country production bases: Accton expands its production bases to reduce risks and enhance the levels of Quality, Cost, and Delivery (QCD) |
1. Develop training and development programs for various types of specialists 2. Enhance employees’ professional skills and cross-departmental management practices |
