Corporate Governance
VIVOTEK strives to establish and maintain a sound system of corporate governance and believes that all-around corporate governance is the foundation of enhancing business momentum, protecting shareholder rights, and maintaining the company’s integrity. In addition to formulating Corporate Governance Code, Governing Procedure of Board of Directors' Meetings, Rules and Procedures of Shareholders' Meetings, Code of Ethics, Code of Business Conduct and Procedures for Ethical Management and Guidelines for Conduct, and Principles of Corporate Social Responsibility, as required by law, and setting up board functions and operations in compliance with related regulations, VIVOTEK has also established an internal control system. You can download related regulations from VIVOTEK Homepage/Investor Relations/Corporate Governance.
Organization Chart of VIVOTEK
Information Security Organizational Structure
VIVOTEK, in the surveillance industry, established its Information Department in 2020, which encompasses two major functions: Information Management and Information Security Management. The Information Security Management team operates under this structure. The Information Security team includes the CEO and senior executives as members, convening regular meetings annually to discuss the following topics and reporting to the Board of Directors each year:
Information Security Policy and Procedure
VIVOTEK's information security policy is to protect business information and ensure continuous business operations. This policy applies to all colleagues, temporary contract personnel, and outsourced vendors who access information assets of the Company. All VIVOTEK employees must adhere to relevant information security standards and policies, including:
1. Respecting intellectual property rights
2. Obtaining proper authorization before installing or using any software or services for business purposes
3. Installing antivirus software
4. Reporting lost information equipment promptly
5. Using the company email system exclusively for business purposes
6. Maintaining confidentiality of company business information and secrets
7. Safeguarding company information system account passwords
8. Reporting cybersecurity incidents and network security events promptly
ISO 27001 Information Security Management System
In response to ISO 27001:2013 certification requirements beginning 2021, a dedicated Information Security Team was set up at VIVOTEK. To ensure sustainable operations and maintain acceptable risk levels, we implemented mechanisms for information security risk management and standard procedures for cybersecurity incidents. Through continuous improvements on the PDCA: Managing Reviews and Audits, we maintain the effectiveness of our management system and guide relevant units in conducting annual risk assessments and providing educational training at headquarters. VIVOTEK has established regulations aligned with ISO 27001, ensuring compliance with both quality system and information security standards. We plan to upgrade to ISO 27001:2022 in 2025.
Corporate Network Information Security
The key priorities of corporate network information security for 2023 are as follows:
1. Maintaining ISO 27001 management system certification for the IT Department
2. Implementing an MFA protection mechanism for corporate cloud email services
3. Installing an endpoint access control and data breach protection mechanism
4. Adding redundancy to the firewall mechanism to enhance availability and external protection
5. Supplying data centers with power equipment and systemized cabling
6. Increasing external bandwidth to enhance system availability
7. Providing annual information security education and training to non-direct personnel at the corporate headquarters, targeting an average of 1.5 hours per person
Product Information Enhancement
VIVOTEK products are primarily network-oriented, making them vulnerable to cyberattacks in an era where IoT and AI are universal. This has led to increased customer concerns about product information security. The software and firmware development process of VIVOTEK has incorporated static code scanning and dynamic vulnerability testing to ensure product safety, quality, and systematic management of technical vulnerabilities. Additionally, VIVOTEK products undergo periodic penetration testing by external verification entities to ensure that product safety is aligned with market and customer expectations.
The key priorities of product information security for 2023 are as follows:
1. Regularly sending products for verification to comply with Taiwan's IoT information security standards
2. Developing products based on the IEC 62443 ML2 framework
3. Introducing a safer data encryption mechanism for cloud products to protect customer data from unauthorized access, including by system administrators
4. Continuously conducting static scans and subsequently black-box testing during product development and addressing material and moderate vulnerabilities
5. Revising products to ensure compatibility with security standards of new generation browsers
6. Updating product application servers
Emergency Response Mechanism
To effectively deal with information security issues related to enterprises and products, VIVOTEK established an information security emergency response team in 2020. Combining global marketing, sales operation, information security, product planning, and product R&D, the team handles and responds to product-related information security issues reported by external parties. In addition to dealing with product information security, it handles and addresses information security issues related to the Company website. Through standard operating procedures, efficient handling of issues is achieved to control damage and minimize customer complaints.
In 2023, there were neither significant information security incidents nor complaints of customer privacy violations or loss of customer data.
VIVOTEK has an information security page on its official website, providing vulnerability policies, security enhancement guidelines, and related security bulletins. To ensure joint protection of end-user information security, VIVOTEK provides an online customer service email address, security@vivotek.com, for immediate reporting of vulnerabilities and other security issues.