The theme revolves around technology, earth and beauty.
The smiling earth in the centre of the picture and the mechanical and human hands next to it show that the mechanical and human beings are working together to create a beautiful world. The two people in the picture, although far apart, are able to talk to each other thanks to advanced technology, showing the overall sense of technology bringing a smile to the picture, which is the reason for the name of the painting. The background is a dark, intermingled water pipe, highlighting the theme.
Our Goals and Efforts
Quanta believes that the corporate culture of integrity is the foundation of our company's sustainability, and we are committed to internalizing integrity into the DNA of all Quanta employees, and under this belief, we will make the results of our research and development through technological innovation a source of sustainable profitability for the company, and share the results with our shareholders and employees. We also implement corporate governance, improve the supervision function, and promote the participation of all employees to control risks, so that the information security system can operate effectively and protect the normal operation of the company.
Our specific results are
- Quanta's total annual consolidated revenue in 2022 was NT$1,280,429,312,000, with a net profit after tax of NT$29,722,669,000 and earnings per share of NT$7.51. A dividend of NT$6 per share was distributed for the year.
- The accumulated number of patents reached 6,169. Due to the quantity and influence of its patents, Quanta has been ranked by Clarivate Analytics as one of the top 100 innovative institutions with the most innovative spirit for five consecutive years.
- Strengthening board diversity: In June 2022, in conjunction with the expiration of the director's term, the board of directors was re-elected. In consideration of gender equality, one female director was appointed, with a focus on financial expertise. The newly appointed independent directors had not served more than three consecutive terms, and there were no second-degree relatives among the directors.
- Board of directors' operation: In 2022, the board of directors held seven meetings, and all directors actively participated and provided professional opinions. The attendance rate was 100%. When necessary, auditors, managers, and other personnel were invited to attend and report. Risk management related matters, such as information security, corporate sustainability risks, intellectual property, and asset management, were reported to the board of directors at least once a year. ESG affairs were regularly reported every quarter. At the end of each year, the identification and communication with stakeholders were summarized and reported to the most recent board of directors in the following year. The most recent board of directors report was submitted on March 15, 2023.
- In November 2022, the evaluation of the board of directors' performance was delegated to an external, independent evaluation agency. The external evaluation and self-evaluation for 2022 have been completed and will be reported to the first quarter board of directors, audit committee, and compensation committee in 2023. The external evaluation agency is requested to attend the board of directors meeting to explain the evaluation results and improvement suggestions.
- To elevate the level of the "Sustainability Development Committee" and report directly to the board of directors, a dedicated organization, the Sustainability Development Center, was established to formulate the company's sustainability development strategy and integrate various plants and business units to jointly promote sustainability affairs.
- A chief information security minister was appointed, and a dedicated information security unit was established to oversee the company's security matters.
- The acquisition of ISO 27001 by various business units and manufacturing plants was promoted, and a framework was used to implement, maintain, and continually improve the security of the company's information assets.
- It was ensured that there are no violations of the integrity and ethical policies, cybersecurity management, or disclosure of customer information on an annual basis.
Quanta emphasizes corporate governance and sustainable management, and is committed to establishing an effective corporate governance structure, gradually formulating and promoting various systems and practices for sound compliance, introducing the system of independent directors, and optimizing the diversified composition of the board of directors to strengthen the functions of the board of directors; in 2016, the Audit Committee was established to oversee the fair presentation of the company's financial statements and the effective implementation of internal controls. In addition, a Compensation Committee was established in 2011 to review the policies, systems, standards and structures of directors' and managers' performance evaluation and compensation; a Corporate Governance Director was appointed in 2010 to ensure that the Company's shareholders' meetings and board of directors' meetings are held in accordance with relevant laws and regulations and the Corporate Governance Code. In addition, a Sustainable Steering Committee has been established to coordinate matters related to the Corporation's sustainable development, and to compile the results of the environmental, social and governance work in a Corporate Sustainability Report.
For details of the relevant operations, please refer to "3.4 Implementation of Corporate Governance" in the Quanta Computer Inc.Annual Report 2022.
Organization Structure
Composition and Diversity of the Board
The selection and nomination of directors of the Company is governed by Articles 17 and 17-1 of the Articles of Incorporation:
Article 17 :This Corporation will have five to nine (5-9) directors. The election of directors shall adopt candidates nomination system, and the shareholders shall elect among the nominees listed in the roster of directors candidates. The total number of shares of this Corporation held by directors shall be subject to the regulations set by the competent authority in charge of securities.
Article 17-1: The independent directors of the Company shall not be less than two in number and not less than one-fifth of the total number of directors. The election of independent directors and directors shall be carried simultaneously and be counted separately.
The professional qualifications, restrictions on shareholdings and concurrent positions held, assessment of independence, method of nomination and appointment, exercising duties and rights and other matters for compliance with respect to independent directors shall be handled in accordance with Securities and Exchange Act and relevant regulations. The professional qualifications, restrictions on shareholding and concurrent employment, recognition of independence, nomination and election, exercise of powers and duties, and other matters to be followed by independent directors shall be in accordance with the Securities and Exchange Act and related laws and regulations.
The election of directors is conducted in accordance with the " Election Procedures for Directors" and the " Rules and Procedures for the Board of Directors Meeting".
Please refer to the Company's website for the relevant rules and regulations: Visit Website
For a description of the qualifications, independence and diversity of the Board members, please refer to the Company's website: Visit Website
and the following sections of Quanta Computer Inc. Annual Report 2022:
3.2.1 Directors and Supervisor
3.2.1.1 Profiles of Directors
3.2.1.3. Professional Qualifications and Independence Analysis of Directors and
Members of the Audit Committee:
3.3. Remuneration of Directors, Presidents, and Vice Presidents In Recent Years
3.4.1. Operation of the Board of Director (BoD)
3.4.1.2.2 Execution of Directors' avoidance of motions in conflict of interests
In response to the expiration of the term of directors, the board was re-elected in June of 2022. The Company has added one seat of female board member in consideration of gender equality and strengthen board seats of members with financial background. None of the newly elected board members has served on the board for more than three consecutive terms.
The board is consist of four non-independent directors and three independent directors, all of whom are natural persons. Within seven seats of the board, the percentage of independent directors accounts for 42.86%. One board member is female, which accounts for 14.29% of the board. In terms of composition of ages, five directors are over age 70 and two are under age 60. None of the Directors are within the second degree of kinship. Status of executing the diversify of the board for the current term is as follows:
The specific management objectives of the Diversification Policy and the circumstances under which they were achieved are as follows:
| Management objectives | Achievement |
|---|---|
| More than 1/3 of independent directors | |
| None of the newly elected board members has served on the board for more than three consecutive terms. | |
| Aded one seat of female board member | |
| The performance evaluation of the Board of Directors is conducted by an external professional and independent organization at least once every three years | |
| Please refer to the section " 3.2.1.4 Diversity of the Board of Directors" of the Quanta Computer Inc. Annual Report 2022 for details of the relevant operations. | |
Evaluation of the Board of Directors:
The Company has established the “Procedures to Evaluate the Performance of the Board of Directors and Functional Committee” in 2019 and the procedures were modified in December 2020 to contract external professional independent institutions or external professional scholars for assessment at least once every three years.
At the end of each fiscal year, the Company would evaluate performance of the board and functional committees for the year based on evaluation indicators. The evaluation is completed before the end of the first quarter of the following year to ensure the operation of the board is in compliance with relevant law and regulations. As of November, 2022, the Company has contracted “Taiwan Institute of Ethical Business” as the external independent assessment institute to conduct the FY2022 performance evaluation of the Company’s Board of Directors.
Both the external and internal assessments were completed for FY2022. The assessment results were reported to the Remuneration Committee on March 6, 2023 and the Audit Committee on March 15, 2023, as well as the Board of Directors meeting. The external assessment institute was invited to report the evaluation results and to provide improvement suggestions at the Board of Directors meeting
Please refer to the section " 3.4.1.2.3 Evaluation of the Board of Directors" of the Quanta Computer Inc. Annual Report 2022 for details of the relevant operations.
Functional committees
| Committee | Duty | Member | Number of meetings | Attendance rate |
|---|---|---|---|---|
| Audit Committee |
The fair presentation of the Company's financial statements. The selection, independence and performance of the certifying accountant. Effective implementation of the Company's internal controls. The Company's compliance with relevant laws and regulations. Control of the Company's risks or potential risks. |
Independent director Hung Ching Lee Independent director Dr. Pisin Chen Independent director Su-Pi She |
4 | 100% |
| Compensation Committee |
To faithfully perform the following duties and responsibilities with
the care of a good manager and to submit proposals to the Board of
Directors for discussion: To establish and regularly review the policies, systems, standards and structures for the evaluation of performance and compensation of directors and managers. To regularly evaluate and set the compensation of directors and managers. |
Independent director Hung Ching Lee Designated person Su-Pi She Designated person Samuel Lee |
3 | 100% |
| Sustainability Steering Committee |
According to the work plan of the sub-committees, the sub-committees
will meet at least twice a year to discuss the annual plan and the
overview of the goals achieved. The Steering Committee for Sustainable Development reviews the work of each subcommittee, discusses future development strategies, and reports specific results and work to the Board of Directors. |
Chairman:Barry Lam Vice Chairman & President: C.C. Leung Director:C. T. Huang After the meeting, a person will be assigned to report to the board of directors on the operation and implementation of sustainable development, and to report quarterly on the implementation of the greenhouse gas inventory and verification schedule plan, and to submit the "ESG Sustainable Development Strategy Direction" for the next year to the board of directors for a resolution to implement the contents, direction and results of the meeting. |
5 | - |
| Please refer to the section 3.4.2 Operation of the Audit Committee" and "3.4.4 Operation of Remuneration Committee" of the Quanta Computer Inc. Annual Report 2022 for details of the relevant operations | ||||
Established in May 1988, Quanta Computer is a one of the Global Fortune 500 Companies and also one of the world’s leading notebook manufacturers. Aside from our leadership position in notebook manufacturing business, we have extended our reach to cloud computing business, mobile communications products, smart home, smart mobility, smart manufacturing, smart medical, AIoT, and metaverse related VR & AR applications to proactively expand the integrated deployment of our operation and explore new business opportunities. The Company invests in new business opportunities, new applications, and new products to accumulate our strength in capturing first mover advantage.
Our global deployment is centered around the principle of “Taiwan design, smart manufacturing, global logistics and sales”. We have built high-efficiency production sites in Taiwan, Shanghai, Changshu, Chongqing in Mainland China, and Thailand, with plans to initiate investment in Vietnam in 2023. We have further established regional manufacturing sites and maintenance locations in Taiwan, the U.S., and Europe. Our global deployment strategy is to provide services with proximity to customers and market, and assemble products with flexibility based on different customer requirements. Doing so would allow us to shorten production lead-time, reduce transportation cost, and to meet the actual needs of customers. For related information, please refer to the section "5. Business Activities" in Quanta Computer Inc. Annual Report 2022.
The total number of employees in the scope of this report is approximately 62,000 (including employees of QRDC, QTMC, QSMC, QCMC and QMB). Quanta Computer Inc. was listed on the Taiwan Stock Exchange in 1999 under stock code 2382. In 2021, the Company did not merge or acquire shares of other companies to issue new shares. For related information, please refer to the section " 4.1.1 Sources and Types of Capital " in Quanta Computer Inc. Annual Report 2022.
Overview of Market and Sales
Major Products and Service Regions: Notebook PCs are our main product category and are mostly for export. Major exporting regions are as follows:
Our products are sold worldwide and a diversified composition of customer portfolio, with the U.S. being the major exporting region, followed by Mainland China. We have assembly sites and after-sales service centers established in Taiwan, California and Tennessee in the U.S., Aachen in Germany, South Korea, Japan, Singapore and Thailand. With SAP information systemsimplemented, we provide branded notebook suppliers and mega data center customers with more efficient global services and technical supports. There were no significant changes during the year.
Sources and Types of Capital
Note 1: Above shares have been publicly offered.
Note 2: Unissued stock includes 100 million shares of employee
options/warrants.
Note 3: No preferred share was issued
Structure of shareholdings
Quanta's vision for sustainable development is centered around technology innovation benefiting society, with innovation as the driving force propelling Quanta forward. Quanta aims to enhance product competitiveness to deliver better products and service experiences to customers, which is crucial for earning customer trust. Quanta encourages employees to come up with innovative ideas and fosters their personal development and co-creation for the future while innovating. To achieve this goal, Quanta invests resources and expenses because we believe that only through innovation can we create a better future and drive the development and progress of more people.
Research and development expenses for the last two years:
In FY2022, Quanta's research and development expenses were NT$21.3 billion, an increase of NT$2.7 billion or 14% from NT$18.6 billion in FY2021; the ratio of research and development expenses to operating revenue for the past two years was 1.65% and 1.67%, respectively.
In addition, Quanta continuously monitors the progress of new technologies through the Quanta ELITE School. The curriculum includes online and physical courses, accumulating a database of over a thousand courses to enable employees to stay updated and learn in line with the latest advancements. Quanta also incentivizes employees who propose research and development outcomes by providing bonuses upon patent applications and approvals. Each year, the best patent designs and inventors are selected, and awards are presented at the company's annual gathering, motivating employees to continue innovating.
Because of the spirit of "innovation" and "research and development", Quanta has spared no effort in the development of new technologies and products. In terms of intellectual property protection and R&D achievements, as of 2022, the Company has filed 8,149 patent applications in Taiwan, the United States, China, Japan, and Europe, and has obtained 6,169 patents in China, the United States, the United Kingdom, France, Germany, Japan, and other countries, and has obtained patents in the fields of notebook computers, servers, artificial intelligence (AI), Big Data, Cloud, AR/VR, and other related technologies, As a result, Quanta has been selected as one of the "Top 100 Global Innovators" for five consecutive years. Clarivate, a research firm, selected companies and organizations with more than 500 invention patents since 2000 and more than 100 invention patents granted within 5 years as the benchmark, and based on Influence, Success, Globalization, and Rarity, The strength of the inventions is evaluated based on Influence, Success, Globalization, and Rarity to assess the sustainability and scale of innovation of the innovative organizations.
Summary of 2022 Operating Results
The global notebook market shrank significantly in 2022 compared to the previous year, and Quanta's notebook shipments were also affected by the decline. Fortunately, thanks to the increase in average unit price and the continued strong demand for cloud-related products such as servers and smart cars, as well as the easing of material shortages in the second half of the year, Quanta's consolidated net revenue for the year reached a new high of NT$1.28 trillion, up 13.47% from NT$1.13 trillion in the previous year.
Net income after tax for 2022 and 2021 will be NT$29,723 million and NT$34,360 million respectively, of which net income attributable to owners of the parent company will be NT$28,957 million and NT$33,653 million respectively; gross profit margin for 2022 will be 5.5%, operating profit margin will be 2.4%, net profit margin will be 2.3%, and earnings per share (EPS) will be NT$7.51. The Board of Directors also resolved to distribute cash dividends of NT$6.0 per share, representing a dividend payout ratio of 79.9%. In terms of financial income and expenses, non-operating net income was NT$9,592 million.
Risk Management Policies and Procedures
The Company has established the "Risk Management Guidelines" and was approved by the Board of Directors in December 2020 as the guiding principles for risk management and to facilitate the identification, analysis, evaluation and control of operational risks. The Board of Directors is responsible for establishing and overseeing the risk management structure of the Group, including the Company and important production sites. The President is responsible for the development and control of the Consolidated Companies’ risk management policies and reports regularly to the Board of Directors on its operations. The most recent reporting date was December 16, 2022.
Scope of Risk Management
The main objective is to mitigate the impact of risks on the enterprise, to ensure that the operational risks of the Group are under the scope of control, to enable the Group's overall operations to focus on business growth and operational efficiency, and to help safeguard shareholders' equity.
Based on the risk events that occurred in the previous year and the opinions of external experts, the Group deliberates on the issues that may adversely affect the operations of the Company and the Consolidated Companies in the current year at the beginning of the period, and use them as the basis for the overall assessment and risk ranking of operational risks in the following year. Planned risk control items then undergo proposed risk management measures after approval for overall monitoring or mitigation.
The monitoring and control tools mentioned above include, but are not limited to, the use of self-risk management as a risk control/risk retention, or risk transfer/insurance.
The Company's risk management procedures include: risk identification, risk measurement, risk monitoring, risk reporting and disclosure, and risk response.
For related operations, please refer to "7.6 Analysis of Risk Management" and "5.6 Information Security & Management" in the Quanta Computer Inc. Annual Report 2022
Policies and procedures
Quanta believes that honest operation is the way for the company's long-term development and has set a goal to establish a culture of integrity among all employees. To ensure that all Quanta employees, including directors, managers, employees, and suppliers, understand the principles of honest operation and have a shared understanding of compliance, the company has established the "Code of Conduct for Honest Operation," "Practical Guidelines for Corporate Governance," "Code of Ethics," and "Prevention of Insider Trading Procedures." After being approved by the Board of Directors, these regulations can be read and queried on the Quanta Computer official website under Corporate Governance and Important Company Regulations.
In 2022, to strengthen the moral and ethical awareness of all employees, Quanta has formulated the "Policies on Ethics and Integrity," which have been announced on the website after being approved by the General Manager. The company also has an "Employee Code of Ethics," which is regularly disseminated to colleagues every year.
All of Quanta's honest operation policies and procedures clearly indicate that the company has a zero-tolerance policy for any form of violation of business ethics, corruption, or bribery. Quanta's employees are not allowed to accept inappropriate gifts or engage in insider trading. When engaging in business activities related to the company, employees mustn't sacrifice the company's interests due to conflicts of interest with their personal interests. We are committed to respecting intellectual property rights and will not engage in business activities that violate the Fair-Trade Act or the Antitrust Act. When personal information needs to be collected for business purposes, we will also comply with the laws and regulations of each country. We pledge to disclose economic performance and business activities transparently in accordance with the law, and charitable donations will also be made based on legal requirements and publicly disclosed.
We also expect our customers, suppliers, business partners, and other stakeholders with whom we have business dealings to understand and support us. Since 2015, Quanta has required selected suppliers to sign the "Quanta Supplier RBA Code of Conduct Compliance Statement," which requires suppliers to comply with the standards and regulations for labor, ethics, safety and health, environment, and management systems outlined in the code of conduct. We also encourage suppliers to voluntarily undergo RBA audits or to be audited by our own CSR team.
All our efforts to have suppliers sign the "Quanta Supplier RBA Code of Conduct Compliance Statement" have paid off, with all 11 targeted suppliers achieving compliance by 2022. We are proud to announce that a total of 903 suppliers have completed this process to date.
Execution of ethics and integrity
Our company has implemented many procedures to prevent conflicts of interest. First, a director or manager shall obtain prior approval of the shareholders or the Board of Directors respectively as required by law when engaging in any act within the scope of business of the company; In terms of the operation of the Board of Directors, the company shall, in order to implement the corporate governance, improve the supervisory and strengthen the management, to make the rules of procedure in accordance with the relevant provisions of the "The Codes of Ethical Conducts ", "Corporate Governance Best Practice Principles ",”Procedures for Handling Material Inside Information_2022” in accordance with the relevant provisions of the Securities Act. In addition, the " Procedures for Handling Material Inside Information_2022" and " Procedures for Insider Trading Prevention" have been established to prevent insider trading., so that the Board of Directors and senior management can cooperate to implement integrity management. For details of the implementation, please refer to "3.4.6 Fulfillment of Ethical Corporate Management and Deviations from the "Ethical Corporate Management Best Practice Principles for TWSE/GTSM Listed Companies" in the Quanta Computer Inc. Annual Report 2022.
In terms of board operations, in order to implement corporate governance, improve supervisory functions and strengthen management functions, in accordance with the relevant provisions of the " Regulations Governing Procedure for Board of Directors Meetings of Public Companies ", the Company has established the Rules of Procedures of the Board of Directors for compliance. When a motion involves a director's interest and there is a risk of harming the Company's interests, the relevant director will recuse himself or herself from the meeting in accordance with the principle of interest recusal to protect the interests of the Company and its shareholders. Please refer to "3.4.1.2.2 Execution of Directors’ avoidance of motions in conflict of interests" in the Quanta Computer Inc. Annual Report 2022.
To ensure that all employees have a clear understanding of the company's principle of good faith, the company reminds its governance members and employees every year to read and sign the "employee code of ethics" as part of their compliance commitment. If there is any conflict of interest, the employees should make an honest declaration, and the management should confirm whether there is any impact and take necessary preventive measures. The General Manager will then confirm the completion of the annual declaration of interest conflict and ethics compliance. Except for employees who are on leave or suspension during the declaration period, all governance staff and indirect personnel with computers are required to complete the interest conflict declaration within two weeks. A total of 4,407 senior managers from the Taiwan plant (3,361), the China plant (1,012), and the Thailand plant (34) have completed the declaration, with a ratio of 100%. (The statistics period is from September 1 to September 16, 2022, and senior managers are defined as deputy managers to managers or above.)
Promotion and Education Training
During new employee training, each plant's new recruits receive training on the company's integrity and ethical policies and are explicitly informed that the company prohibits any form of corruption, bribery, fraud, extortion, or embezzlement of public funds. Any violation will result in strict disciplinary action or legal action. Employees are also informed of the upper limit for receiving gifts based on normal social relationships, and the handling principles when the gift value exceeds that limit. Employees are aware of the channels for anonymous or named reporting of violations of business ethics. Related regulations can also be found in the new employee handbook.
In the mandatory training courses for supervisors, such as management case studies, talent selection, goal setting, and performance management, the concept of anti-corruption is integrated into the core competencies of 2B culture, such as "proactivity" and "high self-demand", through the supervisor's manual. The CSR annual training includes classroom courses and online corporate social responsibility training videos, which aim to promote and educate anti-corruption policies in Quanta.
A total of 8,211 employees in the Taiwan plant, 73,295 in the China plant, and 3,917 in the Thailand plant have received training on integrity policies, with a ratio of 100%.
Channels and Handling of Complaints
All employees should remain vigilant against any violation of the employee code of ethics. When there are concerns or discoveries of any violations of the employee code of ethics, it is the responsibility of all employees to report them to their supervisors. If necessary, they may report directly to the HR director, the internal audit manager, or through an employee complaint channel.
Employees can use the following channels on the official website to file complaints, express opinions, or make inquiries with all stakeholders at Quanta, in addition to the aforementioned
channels:
- Corporate Social Responsibility (CSR Contact Window for each plant): Visit Website
- Code of Conduct (Independent Window at Headquarters):Visit Website
All complaints can be filed anonymously or with identification. If a reported violation involves a member of the governance level, the report will be submitted to the chairman or vice chairman, who will then assign a dedicated supervisor and audit personnel to conduct an independent investigation. If the reported violation involves an ordinary employee, the audit team will investigate and provide a report to the highest-level executive in charge of the relevant area for further handling. If an employee violates the employee code of ethics, they will be punished in accordance with the relevant rules and regulations, and in serious cases, law enforcement agencies will be notified. If a supplier violates Quanta's employee code of ethics, the partnership will be suspended in accordance with the contract provisions. The annual results of these actions will be reported to the Board of Directors, including details of the investigation and improvement plans. Quanta promises to protect any stakeholder who reports any violations of the employee code of ethics and participates in the investigation process to avoid unfair retaliation or treatment.
2022 Performance Report
Strategies and Objectives
Information security is a crucial cornerstone for sustainable development and maintaining core competitiveness in the enterprise. At Quanta, we are committed to enhancing the overall management of information security as our goal. We have established a layered defense framework to enhance overall protection and conduct comprehensive risk monitoring. We will continue to refer to domestic and international trends, international standards, and advice from external professional consultants to allocate appropriate security budgets annually, optimize various protective control measures, strengthen education and training for all personnel, improve security awareness and response capabilities, and safeguard the company's operations and information security
"Everyone participates, controls risks, and ensures the effective operation of the information security system to protect the normal operation of the company. " is the motto of Quanta's information security strategy.
Quanta's information and communication security policy has three objectives:
Organization
In the first quarter of 2022, the Board of Directors approved the establishment of a Cybersecurity unit and the appointment of a full-time minister. The cybersecurity unit is called the "Information Security Center" and reports directly to the general manager or his designated representative. It is responsible for convening meetings of the Proprietary Information Security Committee (PIS). The Information Security Center has set up the Information Security Management Department and the Information Security Technology Department, responsible for the management of cybersecurity matters within the group. This includes coordinating cybersecurity policies, international cybersecurity standards verification and auditing, implementing and verifying cybersecurity mechanisms, building layered defenses, enhancing cybersecurity levels, and aligning with international standards. The center regularly reports on relevant risks, issues, and management effectiveness.
To demonstrate the company's good cybersecurity management and strengthen cross-departmental collaboration within the group, the existing PIS committee has been expanded to become the highest guidance unit for group-wide information security. Through biannual committee meetings, monthly meetings of the Information Security Center, and regular and ad hoc project meetings, various information security management policies and measures are continuously promoted. Comprehensive reviews and optimizations of information security policies and cybersecurity measures are conducted at least once a year, and the execution of information security is reported to the board of directors at least once a year. The most recent report was submitted on November 11, 2022.
Information Security Promotion Goals
In order to evaluate the performance and effectiveness of the information security management system, the company has established 17 security indicators for the organization, personnel, processes, and technical aspects of information security, strictly examining the implementation of the cybersecurity management. All cybersecurity indicators were successfully achieved in 2022.
| Aspects | Cybersecurity KPI | Handling status in 2022 |
|---|---|---|
| Organization | Regular review of the information security management system documents. | Achieved |
| Conducting risk assessments regularly. | Achieved | |
| Personnel | All employees sign confidentiality agreements. | Achieved |
| Receiving appropriate information security education and training in accordance with regulations. | Achieved | |
| Technology | No audit records that are supposed to be open but are unopened. | Achieved |
| Conducting vulnerability scans regularly. | Achieved | |
| No firewall rules that have not been removed or have inappropriate permissions. | Achieved | |
| The availability rate of core servers is >=99.98% per month. | Achieved | |
| The availability rate of the data center infrastructure is >=99.98% per month. | Achieved | |
| The availability rate of the external network is >=95% per month. | Achieved | |
| Process | No unauthorized personnel have access to the production environment. | Achieved |
| No unauthorized software installation. | Achieved | |
| Application system changes are all authorized. | Achieved | |
| Report of cybersecurity incidents within the specified time according to regulations. | Achieved | |
| Conducting regular business continuity exercises. | Achieved | |
| Keeping relevant records for entering and exiting the data center and granting appropriate permissions. | Achieved | |
| Conducting regular checks on system security-related settings. | Achieved |
In response to the increasing cybersecurity risks, based on the results of risk management, the development of information and communication technology, and changes in the external environment, the cybersecurity promotion direction of Quanta will continue to be adjusted, with the goal of establishing company-wide cybersecurity standards, achieving a balance between business and cybersecurity, and promoting full participation in collaborative operations by all to meet the company's security policy requirements.
Construction of an overall cybersecurity framework
Our company values the maintenance of information security. Since 2008, we have invested in cyber insurance and established the "Information Security Management Policy" and "Information Security Risk Management Framework". Starting in 2020, we have aimed to obtain the ISO 27001 certification and have actively promoted its implementation in 2021 to meet the increasing demand for information security. Our main operations are as follows:
Results of cybersecurity control execution
Our company conducts regular internal and external cybersecurity audits and customer audits, and no major deficiencies or incidents that caused customer or company losses have been found. We are able to respond to and control internal and external cybersecurity threats through various control measures.
To respect intellectual property rights and protect personal information and customer privacy, Quanta has established the Proprietary Information Security (PIS) Committee. In 2022, the PIS assumed greater responsibilities and, within the existing framework, was reorganized as the top-level advisory unit for group information security, overseeing and coordinating related matters. In the second half of 2022, the first PIS Committee meeting after the restructuring was held, with the goal of ensuring that Quanta employees and the entire supply chain comply with the company's policies related to the protection of proprietary information.
Confidential Information Protection Policy
To protect proprietary information, the company has established policies and procedures such as "Patent Management Regulations," "Integrity and Ethics Policies", "Privacy Protection Management Procedures," the "Quanta Computer Personal Data Protection Act," "The Five Do Nots for Protecting Confidential Information", and security management measures at each plant. These policies and procedures disclose the company's management systems for confidential information, including intellectual property rights, personal privacy, and access control that may pose a risk to the company's confidential information. After joining the company, employees sign confidentiality agreements to clearly understand their confidentiality obligations. If a project involves proprietary information, the employees and suppliers involved will also sign a confidentiality agreement. Comprehensive policies and management systems are in place to ensure the complete protection of company and customer proprietary information. Personal data is also saved and used according to relevant management procedures.
Implementation
The company promotes and manages relevant policies through the PIS committee and reviews management policies for any necessary adjustments through regular meetings. In addition, the company undergoes periodic audits from customers to comprehensively review whether there are any deficiencies in the implementation of the company's confidential information protection measures. There have been no significant incidents of customer audits or complaints regarding violations of proprietary information protection or privacy infringement or loss of confidential information since 2022.
Filing Complaints and Management
If any matters that may endanger confidential information are found, they can be reported to the company through the Code of Ethics (Headquarters' Independent Window) Internal colleagues can also file complaints by reporting them to their supervisors or through the channels provided by the Human Resources department. Once a complaint is received, Quanta will assign responsible personnel to handle the situation, and if a violation is confirmed, the company will take appropriate disciplinary action according to its work rules.
Education, Training, and Awareness
In 2022, a total of five awareness campaigns were conducted. The annual training focus for the year was on information security protection measures, with a completion rate of 100%.
Achievements in 2022
