| Sustainability Goal (SDGs) | VIA Technologies’ Achievements |
|---|---|
| 16.6 Developing effective, responsible, and transparent systems at all levels | • Corporate governance evaluation score falls within the 36% - 50% range • Performance evaluation of the establishment and implementation of the Board of Directors and functional committees |
| 4.7 Ensure that everyone gains the essential knowledge to foster sustainable development; 12.8 Ensure that everyone is informed and aware of sustainable development | • The Directors’ education includes 60 hours, all focused on training courses related to sustainable development • Sustainability-related training covering information security, risk management, operational risk, financial risk, labor safety, and quality planning and control, with a total of 2,291 participants and 4,580 hours of training |
| 16.5 Reduce various forms of corruption | • A total of 437 participants were involved in training on integrity management • No significant violations |
| 4.b Increase the enrollment rate in higher education, particularly in fields related to information and communication technology. | • VIA Technologies obtained ISO/IEC 27001 certification • Conduct regular monthly information security awareness campaigns and send additional information security updates as needed, based on new issues or relevant hacker news. Send more than 19 information security awareness notification emails • Conduct two social engineering phishing simulation exercises, sending a total of 4,075 emails |
| 16.7 Ensure that decision-making at every level is responsive to public opinion, inclusive, participatory, and representative of the community. | • 33 material information announcements were posted on the Market Observation Post System |
| The annual performance results are as follows: |
|---|
| The company has passed an audit by the third-party auditor, the British Standards Institution, and obtained the ISO27001 certification (ISO/IEC 27001:2022 No.: IS 813422), valid from November 15, 2024, to November 14, 2027. |
| Implement a third-party risk assessment system that utilizes an information security assessment platform to help the company evaluate the risk levels of external network assets registered under its name, provide security scores and remediation recommendations, and enhance the overall security posture of the company's external network assets. |
| The company's official website has adopted WP Engine Global Edge Security (GES), powered by Cloudflare technology. This solution combines a Web Application Firewall (WAF), DDoS protection, and automatic SSL certificate installation to enhance the website's security and performance significantly. |
| Continue participating in joint information security defense organizations to access diverse intelligence-sharing channels and enhance the effectiveness of cross-domain threat defense. (Member of Taiwan Computer Emergency Response Team Coordination Center, TWCERT/CC) |
| Establish a dedicated information security area on the employee website for ongoing internal information sharing. |
| Conduct regular monthly information security awareness campaigns and issue ad-hoc alerts in response to emerging information security topics or hacker-related news. |
| Conducted two social engineering phishing drills to raise employee awareness, reduce susceptibility, and lower information security risks. |
| Performed two host vulnerability scans, identified potential security vulnerabilities, and applied necessary patches to comply with regulatory audit requirements. |
| Conduct information security courses and follow-up quizzes to enhance employees' understanding of information security. Organized eight information security courses. |
| To ensure company information security and comply with ISO27001 control A.7.7 on clear desk and clear screen, company computers automatically lock the screen after 15 minutes of inactivity and require a password to unlock. |
| Passwords should be regularly updated and set with complexity requirements, while multi-factor authentication (MFA) should be gradually and fully implemented. The extra verification steps ensure that only authorized users can access the system, improving login security and minimizing the risk of account compromise. |
| By continuously using MDR services, the company's entire computer network is protected 24/7 with ongoing security monitoring, detection, and response to network threats. These services, supported by both advanced technology and information security experts, assist the company's internal computer systems in quickly detecting and responding to potential security threats, thereby strengthening overall information security defenses. |
| Continuously enhance network security protection measures, including firewalls, intrusion detection systems, and virtual private networks (VPNs), to prevent unauthorized access and attacks. |
| Comprehensive commercial fire insurance coverage for data center equipment. |
Integrity Management and Regulatory Compliance
VIA Technologies upholds legal compliance and integrity as its core values. In 2020, it adopted the “Integrity Management Best Practice Principles” and the “Procedures for Integrity Management and Guidelines for Conduct”, and established an “Integrity Management Promotion Unit” under the Board of Directors, which is managed by the General Manager’s Office. This unit regularly assesses the execution of integrity management and reports its findings to the board. In 2024, the “Corporate Integrity Management” course was conducted with 437 participants. The course covered topics including bribery prevention, anti-corruption, employee conduct guidelines, integrity management, and business ethics conduct. No corruption incidents were reported throughout the year.
For stakeholder management, the company engages through regular channels. If a potential major negative impact arises, the responsible department conducts financial due diligence and reports to the chairman. A resolution by the Board of Directors will be made if deemed necessary. There were no such incidents in 2024, and future plans involve expanding due diligence to cover regulations, environmental protection, and labor rights.
VIA Technologies has established grievance and reporting channels for stakeholders to submit their reports. These reports are handled by dedicated staff who will conduct investigations after the case is filed. The identity of the whistleblower is protected, ensuring they do not face any unfair treatment as a result of their report. No complaints were filed in 2024. Going forward, the Corporate Governance Group, under the ESG Committee, will be responsible for designing and reviewing grievance channels and handling reported cases. The company also plans to evaluate communication and discussions on this issue during stakeholder engagement meetings with customers and suppliers, as a reference for improving the grievance mechanism.
Comprehensive Regulatory Compliance Mechanism
| Aspect | Policies | Implementation practices |
|---|---|---|
| Regulatory Compliance and Corporate Governance | • Establishment of Audit Committee • Strengthen the role of the Board of Directors | • Oversee financial and internal control systems • Formulation of Regulations Governing Board of Directors Meetings |
| Personnel Management | • Whistleblowing mechanism established • Management leads by example • Internal control systems ensure compliance | • Business activities comply with laws and internal policies • Regular training • Safeguard legal labor rights and interests |
| Environmental, Safety, and Health (ESH) Management | • Environmental Management System • Green supply chain management • Occupational Safety and Health | • Emergency response planning and drills • Complies with RoHS standards (restriction of hazardous substances) • Regular occupational safety and health training |
Risk Management
Company risk management is handled separately by each department based on its specific functions. Each unit first identifies, analyzes, and assesses its internal potential risks, then selects appropriate methods to control, manage, and monitor these risks. For high-risk items, targeted response measures are developed. Risks are managed through centralized coordination and hierarchical execution, ensuring that all high-risk issues are effectively and promptly controlled according to their nature.
| Risk Category | Risk Description | Risk Response Measures |
|---|---|---|
| Sustainable Environment | Greenhouse Gas Emissions Are Continuously Rising | The ISO 14064-1 greenhouse gas inventory was completed in 2024 and verified by a third party to ensure its accuracy and effectiveness. The process will be continuously implemented, and an emission reduction plan has been established for execution. |
| | | Promote energy conservation and carbon reduction projects, evaluate short-term energy storage systems and renewable energy, implement clean energy and increase the utilization rate of renewable energy. |
| | Rising Temperatures | Promote energy conservation and carbon reduction projects, evaluate short-term introduction of solar power generation, implement clean energy and increase the utilization rate of renewable energy. |
| | | Enhance energy efficiency and reduce electricity costs associated with rising temperatures by implementing automatic monitoring and updates to refrigeration and air conditioning systems. |
| | Climate Change | Water shortage issues, such as water restrictions and water rationing, are potential risks to our water resource management. In addition to collecting reservoir water data, VIA Technologies has also established water consumption monitoring to control usage and implemented water-saving measures on a daily basis. |
| | | Concerning the effects of typhoons, when a typhoon warning is issued, a typhoon prevention headquarters is established to accurately monitor the typhoon movement and the plant situation, and issue typhoon forecasts in the plants, so employees can be informed of the typhoon situation and take preventive measures. The company strives to minimize the impact of disasters. When floods occur, the typhoon prevention headquarters will coordinate manpower to respond to the situation and mitigate the issues, and follow-up restoration work will be carried out after the water recedes. |
| | Non-compliance from supplier's operation | VIA Technologies has established a supplier management system and requires suppliers to sign and comply with the Responsible Business Alliance (RBA) Code of Conduct. Beginning in 2024, the company will conduct environmental and social due diligence and audits for both new and existing suppliers, aligned with ISO 20400 guidelines. |
| | | In the future, the company plans to monitor the management and implementation of suppliers in sustainable development. We continue to encourage our suppliers to value business ethics, protect workers' human rights, provide a decent working environment and safety and health, and develop materials and processes to reduce environmental impact. |
| | Non-compliance with environmental laws and regulations | The company ensures that waste management, chemical management and other projects meet the legal requirements through the comprehensive operation of the environmental management system. |
| Social Prosperity | Occurrence of an occupational injury | Implement occupational safety and health training for new employees and in-service employees. |
| | | Establish relevant on-site operating specifications, "Preventing and Managing Ergonomic hazards", "Prevention of Overwork Related Illness" and "Occupational Safety and Health Code of Conduct", supplemented by machine-related training, engineering improvement or provision of personal protective equipment to ensure effective hazards control. |
| | Overwork or excessive workload | Every two years, an online survey is conducted to assess diseases caused by abnormal workload (overwork), with risks categorized into four levels for monitoring and management. Special attention is given to employees who frequently work overtime and have abnormal health check results, with a focus on implementing risk control measures, encouraging timely medical consultations, and adjusting working hours. Regular efforts are made to enhance the awareness and understanding of overwork and occupational burnout among supervisors and employees. |
| | Workforce shortage | Due to industrial and environmental factors, when faced with labor shortages, the company improves employee capabilities through internal training, develops multiple external talent recruitment channels, and cooperates with academia in technology and talent cultivation to cope with the labor shortage. |
| Corporate Governance | Ethical and Integrity Risk | Establish the "Integrity Management Best Practice Principles" and "Procedures for Integrity Management and Guidelines for Conduct" to ensure relevant business operations. |
| | | At least one internal training session on the Integrity Management Best Practice Principles is conducted annually for all employees, and employees are also encouraged to attend relevant external training programs. In 2024, the "Corporate Integrity Management" course was conducted, attracting a total of 437 participants. |
| | Information Security Incident Occurrence | The Information Security Management Committee has been established, with the Vice President as the convener and the Chief Information Officer serving as the Executive Secretary to assist in the execution of directives. The committee holds regular meetings every six months to review the company's information security status. |
| | | A dedicated information security team has been established, comprising a Chief Information Security Officer, information security managers, and specialized staff, tasked with driving and executing information security policies to strengthen the company's information security defenses. |
| | | The company has passed an audit by the third-party auditor, the British Standards Institution, and obtained the ISO27001 certification, valid from November 15, 2024, to November 14, 2027. |
| | | In 2024, there were no information security incidents requiring major disclosure by listed companies. |
| | Risk management on raw material supply and demand | In response to the uncertainty of suppliers’ supply, the company applies hedging procurement in addition to developing and switching supply countries to reduce the risk of supply interruption. |
| | | Apply a cargo consolidation mechanism and require suppliers to increase the ratio of consolidated shipments and reduce the risk of scattered shipments. |
Information Security
To meet stakeholder expectations and protect product and service information, VIA Technologies has implemented robust information security management practices to prevent unauthorized access, modification, use, disclosure, and loss, including those resulting from natural disasters. This approach aims to earn the trust of customers and suppliers, ensure the continuous operation of critical business functions, fulfill commitments to shareholders, and maintain the confidentiality, integrity, and availability of vital information assets in compliance with applicable laws and regulations.
| Material Topics | Information Security |
|---|---|
| Policies | Ensure the confidentiality, integrity, availability and legality of data, systems, equipment, network security and associated information assets comply with the requirements of relevant laws, regulations and contracts to secure the assets from internal and external deliberate or accidental threat. |
| Objective | Each year, zero information security incidents require material disclosure under listed company regulations. |
| | Conduct at least two social engineering drills each year. |
| Responsible Department/ Grievance Mechanism | Responsible Department: Information Security Management Committee |
| | Grievance mechanism |
| | IT department phone extension: 867995 or 866860 |
| | EMAIL: [email protected] |
| Invest Resources | Establish an Information Security Management Committee responsible for the implementation of information security. |
| | Establish a dedicated information security team, including a Chief Information Security Officer, information security managers, and specialized information security staff. |
| | Implement information security management and control. |
| | Implement data access control. |
| | Perform regular backups and implement disaster recovery drills. |
| | Implement information security training, promotion and inspection. |
| | Conduct an email social engineering drill. |
| Evaluation mechanism | In 2024, there were no information security incidents requiring major disclosure by listed companies. |
| | In 2024, there were no cases of sanctions or penalties from the competent authorities due to the leakage of confidential information that affected the personal information of customers and employees. |
| | Held two information security management committee meetings in 2024. |
| | Conduct two host vulnerability scans in 2024. |
| | Conduct monthly information security awareness campaigns and complete eight information security-related courses each year. |
| | Conduct two social engineering drills in 2024. |
| | There were no deficiencies in the accountant’s external audit of account authority in 2024. |
Information Security Policy
VIA Technologies manages the company’s overall information security through its Information Security Management Committee, which is responsible for developing information security guidelines, planning and implementing information security protection, and promoting and enforcing these policies. To guard against various internal and external security threats, the company employs multiple protective measures to enhance the overall safety of its information environment.
| Project | Policy Description |
|---|---|
| Internet Security Management | Implement firewall controls. |
| | Perform immediate virus scanning on computer systems and data storage media. |
| | Real-time monitoring of system logs for various network services to track any abnormalities. |
| | Develop a threat detection and response service system that includes endpoint detection, advanced threat analysis, monitoring, and event notification to enhance the overall information security defense of the enterprise. |
| Implement data access control | Computer equipment should be managed by a designated person, with accounts and passwords properly set. |
| | Before scrapping equipment, confidential and sensitive data, as well as licensed software, should be removed or overwritten. |
| | Account permissions for the information system should be properly requested and authorized. |
| Disaster recovery system | Regularly review the emergency response plan. |
| | Conduct annual system recovery drills. |
| | Set up a system backup process and ensure off-site backups are in place. |
| | Regularly review the security controls of the computer network. |
| Information security drills, awareness campaigns, and audits | Continuously promote information security to raise employees' awareness of information security. |
| | Provide information security education and training courses and lectures. |
| | Conduct annual social engineering drills. |
| | Prepare an annual information security report and present it to the Board of Directors. |
Stakeholder Management
Material Topics Identification Process
STEP 1: Understanding the organizational context
By referencing industry-specific sustainability guidelines and reviewing the organization’s operational activities, business relationships, and stakeholder identification process, the organization gains a comprehensive understanding of its context and associated impacts, allowing for the identification of sustainability-related stakeholders.
STEP 2: Identify Actual and Potential Impacts
Based on the organization’s overall context and business relationships, actual and potential impacts on the economy, environment, and people are identified—including positive and negative, short-term and long-term, intentional and unintentional, and reversible and irreversible effects—leading to the identification of 24 sustainability-related topics.
STEP 3: Evaluate the Significance of the Impact
Conduct a materiality assessment through stakeholder surveys on external economic, environmental, and people impacts, along with internal surveys assessing operational impact.
STEP 4: Arrange the reporting priority of the most significant impacts
The identified issues are ranked based on their assessed impact. Their significance is then verified in accordance with sustainability-related industry standards and in consultation with external advisors, resulting in the selection of 9 material topics.
Determining Major Stakeholders
Step 1
Communicate with stakeholders through routine business contacts
Step 2
Through internal meetings and by referencing the practices of industry peers
Step 3
Identify 7 types of major stakeholders
Stakeholder Communication Channels and Topic of Concern
| Type of major stakeholders | The significance and purpose of stakeholders to the Company | Issues of concern | Communication channel | Communication frequency | Communication achievements |
|---|---|---|---|---|---|
| Government agencies | Legal compliance with government agencies' supervision and auditing | Regulatory Compliance; Information Security; Ethics and Integrity; Corporate Governance; Occupational Safety and Health; Energy efficiency and carbon reduction; Energy usage; Waste management; Social Participation; Climate Change Response | Market Observation Post System | Unscheduled | ■ MOPS Material Information Announcement: 33 times ■ Corporate Governance Evaluation: 1 time ■ Occupational Safety and Fire Safety Inspections: 1 time ■ Official Document Communication: 132 times |
| | | | Corporate Governance Evaluation | Annually | |
| | | | Competent Authority Visits | Annually | |
| | | | Policy Advocacy Meeting | Unscheduled | |
| | | | Official Document Send and Receive | Unscheduled | |
| Shareholders | Shareholders and investors are the support of the company, and we should protect shareholders' rights and interests and treat all shareholders equitably to ensure shareholders' rights of being fully informed of, participating in and making decisions over important matters of the Company | Innovation and R&D; Regulatory Compliance; Ethics and Integrity; Financial Performance; Corporate Governance; Operational Risk Management | Market Observation Post System | Unscheduled | ■ MOPS Material Information Announcement: 33 times ■ Held 2 shareholders' meetings (including one extraordinary meeting). ■ Investor Conference: 1 time |
| | | | Monthly Revenue, Quarterly Financial Reports | Annually | |
| | | | Shareholders' Meeting | Annually | |
| | | | Company website, phone calls, and emails | Unscheduled | |
| | | | Investor Conference | Annually | |
| Supplier | Maintaining long-term positive relationships with supply partners ensures a stable supply of raw materials, parts and components, and services. Additionally, taking actions together with supply partners helps effectively prevent environmental pollution and labor rights violations | Supplier Social Assessment; Supplier Environmental Assessment; Energy usage; Green Products; Regulatory Compliance; Financial Performance; Information Security | Meetings with suppliers/ outsourced vendors | Unscheduled | ■ Annual supplier audit and communication: 253 times ■ New supplier audit and communication: 28 times |
| | | | Contractor Coordination Meetings | Annually | |
| | | | Construction Site Safety and Health Guidelines | Unscheduled | |
| | | | Audits on suppliers/ outsourced vendors | Annually | |
| | | | Supplier questionnaires | Unscheduled | |
| Customer | Customers are our main source of revenue, and we are committed to the highest product quality, safety and after-sales service to our customers. Maintaining a high customer satisfaction will increase the brand value of FSP | Supplier Environmental Assessment; Supplier Social Assessment; Innovation and R&D; Regulatory Compliance; Information Security; Customer Service; Green Products; Ethics and Integrity; Financial Performance; Corporate Governance; Occupational Safety and Health; Operational Risk; Customer Health and Safety; Energy efficiency and carbon reduction; Waste management; Energy usage; Human Rights Policy; Climate Change Response; Water Resource Management | Customer Meeting | Unscheduled | ■ 1 time annual satisfaction survey and communication, involving 24 customers ■ Annual Audit and Communication of Key Customers: 116 times |
| | | | Customer satisfaction survey | Annually | |
| | | | Customer audit | Unscheduled | |
| | | | Customer Questionnaire | Unscheduled | |
| Employees | Employees are the indispensable foundation of the company's operations. We are committed to providing a worry-free workplace that is healthy for employees' physical and mental health with diversified development. | Ethics and Integrity; Financial Performance; Diversity and Equal Opportunity; Labor Relations; Talent Development and Retention; Regulatory Compliance; Occupational Safety and Health; Green Products; Human Rights Policy | Labor-Management Meeting | Quarterly | ■ Labor Management Meeting: 4 times ■ Employees' Welfare Committee Meeting: 4 times ■ Safety and Health Committee Meeting: 4 times ■ Internal Announcement: 48 times |
| | | | Employee Grievance | Unscheduled | |
| | | | Employees' Welfare Committee Meeting | Monthly | |
| | | | Managers Meeting | Unscheduled | |
| | | | Department meetings and performance interviews | Monthly | |
| | | | Internal Announcement | Unscheduled | |
| | | | Safety and Health Committee Meeting | Quarterly | |
| Bank | Banks are the main source of operating capital. Through close communication and interactions, the company obtains stable and competitive funding for a sustainable operation | Financial Performance; Regulatory Compliance; Energy efficiency and carbon reduction; Energy usage; Innovation and R&D; Social Participation; Climate Change Response | Bank transactions and visits | Unscheduled | Communicated 200 times annually |
| Community | The goal is to achieve sustainable social prosperity and enhance the positive social impact through public feedback | Social Participation; Regulatory Compliance; Climate Change Response; Energy efficiency and carbon reduction; Energy usage; Waste management; Water Resource Management | Community Meeting Donation and Social Welfare Activity | Unscheduled | ■ Donate Used Books ■ Blood donation activity: 3 times ■ Invite 9 disadvantaged groups to organize charity sales events |



