Sustainable Development and Nomination Committee
Sustainable Development Promotion Group
| Unit Name | Special (Part-time) Unit | Implementation status |
| Corporate Sustainability Dedicated Unit | Sustainable Development and Brand Value Development Office | 1. In order to promote the governance of sustainable development, the Sustainable Development Committee was established on April 27, 2023 (the Sustainable Development and Nomination Committee as of December 28, 2023). The committee has set up four functional groups, including the Sustainable Development Promotion Group, to ensure the promotion and implementation of sustainable development-related work within the company. The Sustainable Development Promotion Group is chaired by the president, with the Sustainable and Brand Value Development Office serving as the executive secretary. It has seven functional units, including corporate governance, supply chain management, environmental sustainability, sustainable products, social inclusion, friendly workplace, and sustainable manufacturing, to consolidate the company's sustainability-related policies, systems, or management guidelines, as well as to propose and implement specific promotion plans, while continuously communicating and interacting with stakeholders. In December 2014, the board of directors approved the "Corporate Sustainability Practice Guidelines." In 2023, due to organizational changes, the content was revised to report regularly (every six months) to the Sustainable Development (and Nomination) Committee on the results of sustainability execution and future work plans. In 2025, there will be a total of 2 reports to the Sustainable Development and Nomination Committee and 1 report to the Board of Directors on December 24, 2025. The agenda includes (1) identifying major sustainability issues that the company needs to focus on and formulating management policies for these issues; (2) tracking the execution status and results of sustainability goals; (3) supervising and reviewing the implementation of sustainable operations and planning for future prospects; (4) managing the progress of the company's climate risk. 4. The Board of Directors and the Company's Sustainable Development (and Nomination) Committee shall regularly hear reports from the Sustainable Development Promotion Group regarding the company's sustainable development plans and their implementation each year. The group must propose company resolutions to the Sustainable Development (and Nomination) Committee. The Board of Directors and the Sustainable Development (and Nomination) Committee must assess the likelihood of success of these strategies, regularly review the progress of the strategies, and urge the Sustainable Development Promotion Group to make adjustments when necessary. 5. For related implementation details, please refer to Corporate Sustainability - Major Issue Management; Corporate Sustainability - Sustainable Governance. |
Integrity Management Group
| Item | Description |
| Job responsibilities | According to Article 17 of the company's Code of Integrity Management, in order to enhance the management of integrity operations, an Integrity Management Promotion Group is established, which is a dedicated unit under the Board of Directors, equipped with sufficient resources and competent personnel. It is responsible for the formulation and supervision of the integrity management policies and prevention plans, mainly handling the following matters and reporting to the Board of Directors regularly (once a year): 1. Assist in integrating integrity and ethical values into the company's business strategies, and establish relevant anti-corruption measures in accordance with laws and regulations to ensure integrity in operations. 2. Regularly analyze and assess the risks of dishonest behavior within the scope of operations, and based on this, establish prevention plans for dishonest behavior, as well as set standard operating procedures and behavioral guidelines related to work within each plan. 3. Plan the internal organization, structure, and responsibilities, and establish a mutual supervision and checks-and-balances mechanism for business activities with higher risks of dishonesty within the scope of operations. 4. Promotion and coordination of integrity policy training. 5. Plan a reporting system to ensure effective implementation. 6. Assist the board of directors and management in examining and evaluating the effectiveness of the preventive measures established for implementing integrity management, and regularly assess the compliance of related business processes, preparing reports. |
| Board of Directors Report | The most recent report to the Board of Directors was made on 114/12/24. |
| Integrity Management Policy | Upholding the principles of American-style management, the Code of Integrity Management was approved by the board of directors in 2020, and specific practices for integrity management and measures to prevent dishonest behavior (Integrity Management Operating Procedures) were established. Please refer to the company regulations for rules and operating procedures. |
| Prevention Plan | 1. Establish a code of ethical conduct to create a good behavior model for company colleagues that meets ethical standards. 2. Establish a code of integrity management to maintain a corporate culture of integrity and sound development, and to establish a good business operation model. 3. Engage in business activities based on the principles of fairness, integrity, code of conduct, and transparency, to implement the integrity management policy and actively prevent dishonest behavior, and establish operating procedures for integrity management, specifically outlining the matters that company personnel should pay attention to when executing business. 4. Establish the business conduct and professional ethics guidelines of Meilut, confirming Meilut's firm commitment to adhering to the highest standards of legal compliance and ethical behavior in its business and work processes. It also helps employees understand the standards of behavior and attitude expected of them as Meilut employees, and all who join Meilut must read and sign their agreement to comply with these guidelines. 5. Hold annual training on integrity management topics, promote relevant regulations, enhance employees' understanding of integrity management concepts, and allow employees to feel the company's emphasis on the concept of integrity management. 6. The company prepares various operation manuals, procedures, methods, or specifications as standards for employees to follow, and places these methods in public areas so that employees can review and read the necessary documents at any time. 7. The company has an internal audit function that conducts routine audits according to the annual audit plan approved by the board of directors, and performs project audits as needed to reduce potential deficiencies in the internal control system and provide improvement recommendations. 
After completing the audit work, an audit report is issued for approval by the chairman and reporting to the board of directors, in order to implement the spirit of corporate governance. 8. The company has a public and transparent reporting channel, as well as reporting methods and procedures, for internal and external personnel to make reports, and has established a mechanism to protect whistleblowers. |
| Implementation status for the year | 1. Implement integrity management training courses
a. Implement a complete integrity management training course for new employees.
b. Promote thematic integrity management training for in-service retraining.
c. Implement integrity management training courses for overseas factories.
2. Execute annual audit
3. Promote and implement integrity management policies, establishing a culture of integrity among company employees (3 company-wide promotions)
a. Prevention of insider trading promotion
5. Signing Status of the Integrity Management Statement |
Risk Management Group
| Unit Name | Special (Part-time) Unit | Implementation status |
| Risk Management Group | Legal Patent Department | 1. To enable the company and its affiliated enterprises to assess and supervise their risk tolerance, the risks they have already undertaken, the decision on risk response strategies, and adherence to risk management procedures, a risk management system has been specifically formulated and an effective risk management mechanism has been established. Accordingly, on 109/10/29 the board of directors approved the "Risk Management Procedures" and established the risk management policies as follows: 1. Safeguard shareholder rights; 2. Ensure operational continuity; 3. Strengthen asset security; 4. Follow laws and regulations. 2. Organizational Structure:
The company has the board of directors as the highest governance unit for risk management, and the Sustainable Development and Nomination Committee is composed of independent directors and external advisors. Under this functional committee, a Risk Management Group is established, responsible for planning matters related to risk management. (1). The Board of Directors is the highest authority for risk management in the company, with the main responsibilities as follows: Recognize the risks faced by the company's operations, ensure the effectiveness of risk management, and bear the ultimate responsibility for risk management. For risk management policies, the effects generated from the aggregation of various risks should be considered from the overall perspective of the company. (2). The Sustainable Development and Nomination Committee oversees the management of existing or potential risks within the company, with the main responsibilities as follows: The Risk Management Group shall regularly submit reports for discussion by the Board of Directors to oversee the implementation of risk management within the company. ◆Provide improvement suggestions for the design of risk management policies and systems, processes, and monitoring indicators. (3). The company has established a Risk Management Group under the Sustainable Development and Nomination Committee, with the highest-ranking officer of the Legal and Patent Department of the General Management Office serving as the convener. The Risk Management Group is responsible for monitoring, measuring, and assessing the company's daily risks and other executive matters. (4). Each relevant unit shall carry out its own risk control, provide relevant information to the Risk Management Group for consolidation, and cooperate in carrying out risk management operations. 3. 
Risk Management Procedures: The company conducts regular risk factor identification by the Risk Management Group every year to identify potential risks that may affect the sustainable development of the enterprise. It also filters out the scope of risk management and formulates risk management strategies for various risks, covering mechanisms such as management objectives, organizational structure, responsibilities, and risk management procedures, and implements them to ensure that the operational strategy direction is consistent with and effectively operates under the risk management policy. The scope of risk management includes: "operational risk", "quality risk", "energy risk", "environmental (including climate-related) risk", "technical risk", "supply chain risk", "financial risk", "tax risk", "information security risk", "human resources risk", "human rights risk", "facility risk", "occupational health and safety risk", "strategic risk", "legal risk", "integrity management (anti-corruption) risk", "business interruption risk". 4. This group reports its operations to the Sustainable Development and Nomination Committee and the Board of Directors on a regular annual basis. The most recent report to the Board of Directors and the Sustainable Development and Nomination Committee was on December 24, 2025. 5. Main operational situation in 2025
|
Information Security Promotion Group
1. Information and Communication Technology Security Risk Management Framework
Information security and confidential data protection are the company's competitiveness, and also Meilut's commitment to customers, shareholders, and employees.
The Information Security Promotion Group, supervised by the Sustainable Development and Nomination Committee under the Board of Directors, has initiated the establishment of the group's information security management system. On October 27, 2022, the Board of Directors approved the establishment of the position of Chief Information Security Officer (CISO) for the group. The CISO is responsible for promoting information security policies and resource allocation, and is supported by the information security execution supervisor and one dedicated information security management colleague, along with six colleagues from the system architecture department, to ensure the continuous implementation of various information security management regulations. The total number of personnel in the Information Security Promotion Group is 14. The CISO reported on the information security execution status and future plans of the Meilut Group to the Sustainable Development and Nomination Committee and the Board of Directors on December 24, 2025.
2. Information security policy, specific management plans and implementation status:
| Item | Description |
| Job Responsibilities | 1. Integrate and plan the annual information security program, consolidating the company's cybersecurity operations. 2. Decision-making on cybersecurity risk assessment operations to strengthen the requirements for continuous operation. 3. Define cybersecurity policy objectives and decide on the aspects of cybersecurity goals. 4. Supervise and audit the information security activities of the factory and department to ensure compliance with information security policies and procedures. 5. Plan and execute the cybersecurity audit program for the factory and departments, present audit reports, and track improvement situations. 6. The total number of members in the Cybersecurity Promotion Team is 14, consisting of the highest executives from each factory and their cybersecurity representatives, responsible for promoting and implementing various cybersecurity control mechanisms and methods in the factories. |
| Board of Directors Report | Report on cybersecurity results and plans to the Sustainable Development and Nomination Committee and the Board of Directors regularly (twice a year). |
| Information Security Policy Quarterly Meeting | 1. Review and approve important information security requirements. 2. Review and resolve significant information security issues. 3. Review the effectiveness of information security management and feedback. 5. Risk Assessment Review Meeting. |
| Information Security Policy | 1. Develop and improve cybersecurity policies and plans to meet the comprehensive cybersecurity needs of operations and customers. 2. Implement measures to ensure the operation and effectiveness of information security, achieving the group's sustainable development goals for business operations. |
| Risk Management and Prevention Plan | 1. Establish a Cybersecurity Committee to create a review authority mechanism and strengthen the group's cybersecurity protection. 2. Protect the confidentiality of files, strengthen information security regulations, and ensure that sensitive data is not leaked. 3. Maintain data integrity, establish information security processes, and reduce information security anomalies and deficiencies. 4. Implement system availability, conduct information security audits, and ensure uninterrupted information services. |
| Plans and Specific Management / Implementation status for the year | 1. A cybersecurity system tool has been constructed to protect system administrator accounts, improve the convenience of approvals, and encrypt data transmission operations, ensuring that information and data do not leak. 2. Establish regular internal audits for information security and review related information issues every six months. 3. Regularly review information system account permissions annually and assess the reasonableness of the accounts in use. 4. Conduct annual supplier information security assessments to collaboratively strengthen supplier cybersecurity risk management and protect our company's data security. 5. Every year, we regularly outsource professional cybersecurity vendors to conduct vulnerability scans or penetration testing on our external service servers (e.g., company website, etc.). 6. Strengthen identity verification mechanisms by implementing two-factor platform authentication operations to ensure the security of external access. 7. Plan the ITILv4 management evaluation mechanism to strengthen information processes and protection. 8. Conduct monthly email social engineering attack drills for employees to enhance employee awareness of phishing emails. 9. On December 5, 2023, the second-year re-examination of the ISO27001:2022 external audit was completed, and there were no major cybersecurity incidents this year. 10. Joined the Taiwan Cybersecurity Executive Alliance to strengthen external cybersecurity connections. 11. Cyber Risk Insurance has been purchased since June 2018 to reduce the risk of loss and liability caused by business interruptions, with the expectation of becoming a company with outstanding performance in cybersecurity governance maturity. In 2021, the company introduced ISO27001:2013 certification, and on November 22, 2024, it passed the verification process for the transition to ISO27001:2022. The certificate is valid from December 7, 2024, to December 6, 2027. In 2023, a cybersecurity education and training program for all employees was implemented, with a course duration of 60 minutes. In 2023, the number of people involved in cybersecurity audits was 198, and the number of cybersecurity project meetings held was 20. |