INFORMATION SECURITY POLICY

Issue/Revision: 01

Purpose

The ASTI Electronics Corporation company is committed to protecting its information assets, customer data, internal data, and IT systems from loss, leakage, unauthorized access, or destruction.

This document aims to:

  • Demonstrate the company’s commitment to information security.
  • Establish fundamental security principles and policies.
  • Raise awareness among all employees regarding their responsibility to protect information.
  • Minimize cybersecurity risks and data-related incidents.

Scope of Application

This policy applies to:

  • All employees, interns, contractors, and partners working with the company.
  • All IT systems, emails, equipment, data, and information resources owned or managed by the company.

Fundamental Principles of Information Security

The company applies the following security principles:

Confidentiality

Information is only accessed by authorized personnel.

Integrity

Information must be protected from unauthorized modification or alteration.

Availability

Systems and data must always be available to support business operations when needed.

Basic Security Policies

Password Policy
  • Users must use strong passwords.
  • Do not share passwords with others.
  • Passwords must be changed periodically.
  • The use of multi-factor authentication (MFA) is encouraged.
Email Usage Policy
  • Do not open suspicious emails or attachments.
  • Do not click on links from unknown sources.
  • Do not send sensitive data without permission.
Equipment Usage Policy
  • Company equipment must be locked when not in use.
  • Do not install unapproved software.
  • USB and external storage devices must be controlled.
Internet and Network Policy
  • Do not access malicious or inappropriate websites.
  • Do not use company systems for unauthorized personal purposes.
  • Remote connections must be made through a secure method authorized by the company.
Data Protection Policy
  • Important data must be backed up regularly.
  • Customer and internal data must be kept confidential.
  • Do not share company information externally without approval.

Information Security Awareness and Training

The company is committed to improving security awareness through:

  • Regular training for employees.
  • Cybersecurity awareness program.
  • Guidance on identifying phishing, malware, and other forms of fraud.
  • Security incident response drills as needed.

All employees are responsible for:

  • Adhering to the company’s security policy.
  • Immediately reporting any incidents or suspicious behavior.
  • Proactively protecting information assets during work.

Information Security Incident Management

Upon detecting an incident or suspected security breach:

  • Immediately report to the IT department or the information security department.
  • Do not attempt to handle the situation without prior instruction.
  • Cooperate in the investigation and remediation of the incident.

Company Commitment

The management commits to:

  • Providing the necessary resources for security operations.
  • Maintaining and improving the information security management system.
  • Ensure all employees are aware of their responsibility to protect information.

Effectiveness

This policy is effective from the date of issuance and will be reviewed periodically to ensure compliance with legal requirements and the company’s operational situation.

General Director

13 May, 2026

Scroll to Top