Information Security

Information Security

We continue to optimize our information security systems by replacing and introducing information security defense mechanisms such as new-generation firewalls, spam filters, new-generation backup systems, vulnerability scans, and strengthened security systems. We organize regular information security training and dissemination each year to enhance the information security awareness of all employees and improve information security levels. We have also hired an information security supervisor with ISO 27001, Certified Information Systems Auditor (CISA), ISACA Certified Information Systems Auditor (CISA), and other certifications. The supervisor is responsible for coordinating related management measures, and we have also established supplier review criteria, requiring our systems maintenance vendors to be ISO/IEC 27001 certified before they can become qualified suppliers. We also continue to strengthen our information security defenses by adhering to professional recommendations. No major information security incidents occurred in 2022.

Information Security Measures

We have established an “Information Security Promotion Team” in accordance with Bora Pharmaceuticals information security management systems. The Information Security Promotion Team is responsible for coordinating, promoting, and supervising information security management matters at Bora Pharmaceuticals. The Team is convened by our General Manager, and team members are composed of managers from various departments. An “Information Security Handling (Response) Team” has also been established under the “Information Security Promotion Team.”

Information Security Education and Training

We organized 6,902 hours of information security training for 41,067 participants in 2022 to enhance information security awareness in Bora Pharmaceuticals employees, ensuring constant attention to information equipment utilization and potential information security risks. Training topics are described in the table.

Our main information-related actions in 2022 were divided into three major categories: cybersecurity defense equipment and monitoring of network behaviors, establishment of remote backup systems, and establishment of information security defense mechanisms. These actions were mainly implemented in response to potential requirements for remote work and access to corporate information due to the recent pandemic. These actions allowed for effective prevention of malicious attacks and intrusions, blocking of malicious network behaviors, and logging of relevant records to minimize risks of information losses. Our systems and data are regularly backed up, and we conduct periodic backup recovery tests each year. Bora Pharmaceuticals has actively established defenses measures for information security systems to prevent risks of loss and tampering of corporate information.

Information Security Training

TopicTraining HoursNumber of
Total Training
Town hall sharing on information security (May)0.25hr700175hr
Town hall sharing on information security (August)0.25hr700175hr
Town hall sharing on information security (December)0.25hr700175hr
IT information security weekly newsletter0.15hr37,8005,670hr
Internal training
1. New employee security training0.5hr9849hr
2. Social engineering awareness training0.5hr842421hr
3. Firewall setting tranining2hr48hr
4. GMP security training0.5hr200100hr
5. IT personnel security training3hr1957hr
External training
1. Microsoft Virtual Security Training6.5hr213hr
2. System and web page weakness scanning practice5hr15hr
3. Training for information security professional54hr154hr

Information Management Measures

Bora Pharmaceuticals has established the “Information and Communications Security Policies.” To fully plan and promote various information security policy tasks, we have established an Information Division and Information Security Department and hired an information security supervisor to lead our colleagues in promoting information security tasks. No external attacks caused irreversible system damage in 2021. Our management actions are described in the table.

We constantly update our cyber defense knowledge and equipment, and continue to formulate various targets to maintain information security at Bora Pharmaceuticals. Our short, medium, and long term targets are described in the table.

Bora Pharmaceuticals has also established rigorous firewall policies and excluded non-secure domains to ensure information security. Our information security personnel also conduct routine monitoring, analysis, and management of information environment hazards to eliminate potential damages to corporate assets.

Making Success More Certain

Our team is here to discuss how we can become a trusted partner to help bring your breakthrough drug successfully to market.