• To enhance information security management, Jia Wei has appointed the Information Security Center to be in charge of information security management, and to plan, supervise, and implement governance and control over inter-departmental information security in Jia Wei and subsidiaries.
• Implementation results: based on organizational structure, the President has been designated as the highest-ranking supervisor for information security, while the manager of the Information Security Center serves as the representative of information security management. Information security representatives appointed from each department have held regularly "information security meetings" to review the developmental objectives and strategies for information security so as to maintain a stable information security review mechanism.If necessary, members of the information security representative must attend the meeting.
• The information security governance report and results are regularly reported to the Board of Directors meetings.

1. Jia Wei has established information security management rules in line with applicable laws and regulations to provide proper protective measures over our information assets, and to ensure their confidentiality, completeness, usability, and legal compliance.
2. We regularly evaluate the effects of various manmade and natural disasters on our information security. To ensure business continuity, we have also established disaster prevention measures for important information assets and critical business as well as disaster recovery plan.
3. We supervise our staff to fulfill information security and protection, and to instill an awareness for "information security is a part of everyone's responsibility" in order to enhance the awareness for information security in each business unit and personnel.
4. Jia Wei requires all employees and vendors who use or connect to Jia Wei's computer systems to strictly abide by our information security regulations. Violators will be either penalized or fined based on contract terms based on the condition of the violation, and in case of severe violation, will be further punishable by applicable laws.

Jia Wei has signed electronic equipment insurance with contractors for operational assets such as the ERP system, core information equipment,and we prevent theft or malicious damage through security monitoring and environmental monitoring system.

In response to challenges to information security , the following strategies have already been adopted:

• Built network firewalls and launched automatic information security signature to prevent external attacks and penetration to the internal network.
• Provided an application server, set in an independent internal network area, for external network connections, and only specific personal computers are allowed to connect to the network for maintenance.
• Asked the network service provider to enable network risk prevention services to avoid possible losses caused by external networks.

• We have reviewed whether risks of single-point deficiency exist in relevant structures and maintenance and operating systems, and conducted risk analysis over the adequacy of business continuity operation. Results and recommendation over the safety evaluation of information framework have also been proposed.
• Reviewed the access records of network, information security equipment and services, and whether account authorization and monitoring mechanism comply with internal control procedures; we have also checked the account authority and access records of such equipment to identify abnormal records and to confirm warning mechanism.
• Reviewed server settings regarding "password setting guidelines" and "account lock down guidelines"; and reviewed whether the domain safety principles comply with internal control standards through analytical tools and manual procedures.
• Installed protective programs at the terminal equipment to avoid possible infiltrations.

Mainly through promotion and investment in the following aspects, we will strengthen colleagues' information security crises and the response capabilities of information security processing personnel, hoping to prevent them in advance.

1. Staff composition: Chief information security officer , information security center manager and 2 information security center staffs.
2. Related meetings: The company holds relevant meetings regularly, and 2 meetings were held in 2023.
3. Education and training in 2023 as follows: