Continuous attention to internal and external potential risks for risk control
To ensure business continuity, AUO continuously monitors potential external and internal operating risks that may impact the company's operations and invests in risk control and response preparations. The Business Continuity Plan (BCP) is one element of this effort: in the event of an incident, it helps maintain key business operations at acceptable and agreed levels. AUO has had a BCP in place since 2008 and has carried out drills to respond to fires, earthquakes, chemical spills, infectious diseases, and raw materials supply shortages. Risk management strategies are in place, and AUO will continue to develop its BCP response capabilities for different scenarios.
Business Continuity Management
Epidemic Quarantine and Business Continuity Response
AU Optronics has accumulated experience in combating SARS, H1N1 and other emerging infectious diseases, and has established a complete epidemic prevention and emergency response process. The COVID-19 response is used as an example for case sharing.
Information Security Management Process
Based on the goals of the Information Security Policy, implementation strategies and action plans are established every year. To increase information security maturity and protect data, the "Keep data secure at all times" policy was implemented in 2020 to ensure data protection and security.
Water shortage
AUO monitors the water shortage crises across Taiwan caused by insufficient precipitation and regularly reviews its response measures. We also hold drills in which our water tanker and production lines are adjusted under various simulated water shortage scenarios.
Epidemic Quarantine and Business Continuity Response
Resistance to disease
- Establish a Business Continuity Plan (BCP) to uniformly dispatch epidemic information and response actions from factories and abroad.
- The global operations continuous response command system is led by the chairman and CEO, with level 1 executives (business, manufacturing, supply chain, HR, IT, finance, etc.) in charge; the relevant working group is established to implement the response decisions.
- In accordance with the company's "Epidemic Prevention Classification and Contingency Measures", all factories and offices around the world immediately carry out preventive measures such as staff health education and epidemic prevention promotion, travel control, self-health reporting, temperature measurement, visitor management, meal guidance, etc., in order to improve the company's internal epidemic prevention capacity.
- Plan staff division, time-sharing and work-from-home arrangements, and carry out advance staff division and exercises covering staff grouping, workplace adjustment, IT information system backup, etc., so that the plan can be started immediately when an outbreak occurs, protecting staff health and avoiding impact on company operations.
- The severity and breadth of the COVID-19 outbreak are completely different from previous emergencies. Seek assistance from external medical and public health experts and professional consultants to strengthen the response to the epidemic.
- Proactively communicate with customers and let them know the progress of the company's preparedness and supply.
- Provide the AUO Epidemic Preparedness Manual for supply chain reference and work with supply chain manufacturers to resume work early.
BCP Emergency Response Organization
Epidemic response
Development | Level 0 | Level 1 | Level 2 | Level 3 |
---|---|---|---|---|
Operating impact index | Person-to-person transmission has occurred | Human-to-human transmission in Taiwan | Domestic community infection | National pandemic |
Guidelines | Preparation / monitoring | Start the control | Emergency response preparedness | Emergency response activated |
State | Established the "Global Operations Continuous Response Command Center". We have weekly contingency meetings, based on international information and intelligence provided by the Taiwan Epidemic Center, for dynamic management | Taiwan: Prepare in advance with on-site exercises. Overseas: Emergency response and inter-regional support | | |
Area | Taiwan 8 Major Responses (EmployeesㆍPublic facilitiesㆍCommunicationsㆍDataㆍO&MㆍTransportㆍFinanceㆍPartnership) | Overseas | | |
Internal support: Employees: Ensure personnel health and availability | Employee care, stay calm (CEO letter, psychological counseling (EAP)); Inventory supplies and international support (ship masks from overseas); Track progress on return to work and hiring management (online recruitment); Manpower distribution and adjustment of business travel (use registry for regular tracking of inter-regional movements); Supplier tracking and contractor support (quarantine resource-sharing manual) | | | |
Major action plan | Conduct global inventory of supplies; Launch health education; Real-time information monitoring and unified announcement; Upgrade IT resources; Visitor restriction management; Adjustments to leave, attendance, business travel, holidays and international SOS | Daily health monitoring and control plant access (measure body temperature/wear mask/report contact history); Prepare for quarantine operations, strengthen movement tracking (CCTV photo, registration for events) | Risk control + Trial "Zoned Attendance" (based on lines of movement and organizational level/proxy mechanism); Quarantine response + Trial "Work from Home" (based on type of business/IT configuration) | |
Consolidate external operations O&M: Reduce impact on production | | | | |
Major action plan | Media information review; Activate external expert consultants; Set up dedicated financial accounts statements for external accounts | Assess the dynamic impacts on business, adjust production line configuration and shipments; Verify transportation bottlenecks and future proposals; Cash flow management; Response to customer/external epidemic; Track supplier inventories and impact of epidemic; Evaluate the hosting of external AUO events and supporting quarantine measures | Track production manpower, local regulations, and return to work status; 2nd Source/Backup solution for transportation and supply | |
[Photos of the epidemic response: internal training with "plum blossom" (staggered) seating; remote recruitment; app]
Information Security Management Process
AUO places high importance on the security of employees' and partners' information assets. Through its Information Security Management organization, AUO promotes and implements information security management to protect its intellectual property and customer data and to enhance employees' awareness of information security. We continuously improve our risk management mechanisms and enhance protective measures to strengthen our information security.
Information Security Management Organization
The Information Security Committee serves as the top management organization for information security at AUO. It reports to the Chairman of the Board. Under the committee, the Information Security Execution Team is responsible for implementing the decisions made by the Information Security Committee. To continuously build a comprehensive and efficient specialized team for information security, AUO has established the Information Security Management Department and the Information Security Technology Department under the Information Security Management Division. Continuous investment of resources is made to strengthen the core capabilities of the team in information security.
Execution Strategy & Action plan
Based on the objectives of the Information Security Policy, AUO annually establishes and implements cybersecurity strategies and action plans, taking into account ongoing initiatives and relevant internal and external concerns. These initiatives are rolled out across the entire organization to align with the ISO 27001 information security management system. Key performance indicators are developed to monitor progress, and a PDCA cycle is utilized for continuous improvement, aiming to progressively reduce cybersecurity risks and enhance the company's level of information security maturity.
Information Security Breakthrough
Information Security Protection and Awareness
Measures to strengthen information security defense and response capabilities.
- Red team and blue team assessment
- Third-party information security technology assessment
- Conducting annual emergency response, business continuity, and cybersecurity incident response exercises to prepare for various scenarios
Protecting Confidentiality
To safeguard our company's core assets in the leading industry and maintain a competitive advantage, AUO emphasizes document classification measures, implements email classification review, encrypts hard drives, uses remote connection watermarks, and implements dual-factor authentication for critical internal systems. Simultaneously, we strengthen the daily management of confidential information across all units and establish mechanisms for tracking and auditing the traceability of such information.
Information Security Education and Training
AUO has implemented comprehensive cybersecurity awareness campaigns and provides general and specialized courses for our employees. This is in line with our expectation of "Securing Information, Starting with Me." The training programs cover the following aspects:
- Information security awareness announcements and e-paper
- Videos for promoting information security awareness knowledge and compliance
- Digital posters on large display boards in factory premises
- Interactive online information security awareness game
- Organizing a series of events for Information Security Awareness Workshop
Social Engineering Exercises
To enhance employees' information security awareness, AUO continues to conduct social engineering simulations and training sessions to prevent email phishing attacks. Regular company-wide exercises are carried out to test the effectiveness of security measures. The concept of shared responsibility for information security is integrated, and departments that do not meet the required standards or need improvement are encouraged to enhance internal advocacy and training, which creates a continuous improvement cycle.