Information Security
Information Security
We continue to optimize our information security systems by replacing and introducing information security defense mechanisms such as new-generation firewalls, spam filters, new-generation backup systems, vulnerability scans, and strengthened security systems. We organize regular information security training and dissemination each year to enhance the information security awareness of all employees and improve information security levels. We have also hired an information security supervisor with ISO 27001, Certified Information Systems Auditor (CISA), ISACA Certified Information Systems Auditor (CISA), and other certifications. The supervisor is responsible for coordinating related management measures, and we have also established supplier review criteria, requiring our systems maintenance vendors to be ISO/IEC 27001 certified before they can become qualified suppliers. We also continue to strengthen our information security defenses by adhering to professional recommendations. No major information security incidents occurred in 2022.
Information Security Measures
We have established an “Information Security Promotion Team” in accordance with Bora Pharmaceuticals information security management systems. The Information Security Promotion Team is responsible for coordinating, promoting, and supervising information security management matters at Bora Pharmaceuticals. The Team is convened by our General Manager, and team members are composed of managers from various departments. An “Information Security Handling (Response) Team” has also been established under the “Information Security Promotion Team.”
Information Security Education and Training
We organized 6,902 hours of information security training for 41,067 participants in 2022 to enhance information security awareness in Bora Pharmaceuticals employees, ensuring constant attention to information equipment utilization and potential information security risks. Training topics are described in the table.
Our main information-related actions in 2022 were divided into three major categories: cybersecurity defense equipment and monitoring of network behaviors, establishment of remote backup systems, and establishment of information security defense mechanisms. These actions were mainly implemented in response to potential requirements for remote work and access to corporate information due to the recent pandemic. These actions allowed for effective prevention of malicious attacks and intrusions, blocking of malicious network behaviors, and logging of relevant records to minimize risks of information losses. Our systems and data are regularly backed up, and we conduct periodic backup recovery tests each year. Bora Pharmaceuticals has actively established defenses measures for information security systems to prevent risks of loss and tampering of corporate information.
Information Security Training
| Topic | Training Hours | Number of Participants | Total Training Hours |
|---|---|---|---|
| Town hall sharing on information security (May) | 0.25hr | 700 | 175hr |
| Town hall sharing on information security (August) | 0.25hr | 700 | 175hr |
| Town hall sharing on information security (December) | 0.25hr | 700 | 175hr |
| IT information security weekly newsletter | 0.15hr | 37,800 | 5,670hr |
| Internal training | |||
| 1. New employee security training | 0.5hr | 98 | 49hr |
| 2. Social engineering awareness training | 0.5hr | 842 | 421hr |
| 3. Firewall setting tranining | 2hr | 4 | 8hr |
| 4. GMP security training | 0.5hr | 200 | 100hr |
| 5. IT personnel security training | 3hr | 19 | 57hr |
| External training | |||
| 1. Microsoft Virtual Security Training | 6.5hr | 2 | 13hr |
| 2. System and web page weakness scanning practice | 5hr | 1 | 5hr |
| 3. Training for information security professional | 54hr | 1 | 54hr |
Information Management Measures
Bora Pharmaceuticals has established the “Information and Communications Security Policies.” To fully plan and promote various information security policy tasks, we have established an Information Division and Information Security Department and hired an information security supervisor to lead our colleagues in promoting information security tasks. No external attacks caused irreversible system damage in 2021. Our management actions are described in the table.
We constantly update our cyber defense knowledge and equipment, and continue to formulate various targets to maintain information security at Bora Pharmaceuticals. Our short, medium, and long term targets are described in the table.
Bora Pharmaceuticals has also established rigorous firewall policies and excluded non-secure domains to ensure information security. Our information security personnel also conduct routine monitoring, analysis, and management of information environment hazards to eliminate potential damages to corporate assets.