INFORMATION SECURITY POLICY AND MANAGEMENT COMMITMENT

EFFECT STUDIO recognizes that information security is the cornerstone of stable business operations and customer trust. The company has established an Information Security Management System (ISMS) based on ISO/IEC 27001 standards to ensure the Confidentiality, Integrity, and Availability of information, and continuously promotes information security governance and risk management to ensure all operations are safe and reliable.
1. Information Security Policy
The company commits to:
- Comply with applicable laws, regulations, and technical standards to ensure the security of software system design, development, and management processes.
- Strive to prevent hacker intrusions, malicious programs, and other information security threats to avoid data leakage or damage.
- Strengthen employee information security awareness and professional training to enhance overall protection capabilities and service quality.
- Continuously review and improve information security systems to ensure their appropriateness and effectiveness.
The Information Security Policy will be regularly reviewed and updated in accordance with regulatory, technical, and business changes, and relevant stakeholders will be notified through website announcements or other means.
2. Information Security Objectives
To ensure the effective operation of the Information Security Management System, the company has set the following objectives:
- Ensure the confidentiality of information assets and prevent unauthorized access or disclosure.
- Maintain data integrity to ensure information content is accurate and error-free.
- Maintain the availability of systems and services to ensure timely access to information and services when needed.
Regular reviews of achievement status and continuous improvement will be conducted based on risk management and performance evaluation procedures.
3. Information Security Management System
The company follows the PDCA (Plan-Do-Check-Act) cycle model to establish and continuously improve the Information Security Management System, covering the following aspects:
- Security Policy Formulation and Promotion: Establish and regularly communicate management-approved security policies.
- Risk and Environmental Analysis: Regularly assess internal and external security issues and requirements.
- Organization and Personnel Management: Define security responsibilities and ensure employee compliance through security commitments.
- Asset and Access Management: Identify critical information assets and implement access control mechanisms.
- Operations and Communications Security: Implement backup, antivirus, firewall, and network security monitoring.
- System Development and Maintenance Security: Ensure all development, testing, and deployment processes meet security requirements.
- Supplier and Outsourcing Management: Include security clauses in contracts to ensure third-party compliance.
- Business Continuity and Regulatory Compliance: Maintain business continuity plans and comply with relevant laws and regulations.
Through the above management mechanisms, Impact Vision is committed to maintaining information security, ensuring the trust of customers and partners, and continuously promoting sustainable business development.