We use cookies to allow our website to function properly, personalize content and advertisements, provide social media features, and analyze traffic. We also share information about your use of our website with our social media, advertising, and analytics partners.
Annual Performance
During the year, the Company demonstrated steady growth across financial, governance, and sustainability dimensions. Net profit after tax reached NT$1.492 billion, representing an increase of 11.86% compared with 2023, reflecting improved operational efficiency and the gradual realization of market expansion results, and laying a solid foundation for continued investment in innovation and sustainability.
At the same time, the Company maintained its commitment to integrity governance, recording zero corruption incidents for the year, demonstrating sound internal control mechanisms and effective risk management, and successfully fostering a transparent and responsible corporate culture. In terms of ethical management, the Company invested a total of 6,440 hours in education and training, strengthening employees’ awareness of legal compliance, ethics, and professional conduct, and embedding integrity as a core value of daily operations. In addition, the Company continued to promote governance diversity, with female directors accounting for 22% of the Board, enhancing decision-making perspectives and demonstrating the Company’s proactive efforts in gender equality and diversity and inclusion. In response to increasingly severe information security threats, the Company also successfully passed ISO 27001 Information Security Management System certification, indicating that its information protection processes meet international standards and effectively safeguard the data security of customers and partners.
Overall, these achievements demonstrate the Company’s comprehensive progress in financial performance, integrity governance, gender diversity, and information security, laying a more solid foundation for sustainable development.
14.92 billion
Net profit after tax
0
Corruption incident
6440 hours
Business integrity education and training
Information Security Management Policy
As technology continues to advance, information security incidents of various forms are occurring with increasing frequency, such as customer personal data breaches, ransomware attacks, and malware. Information security and customer privacy protection have become critical objectives of corporate information security management.
The Company places great importance on customer information security and privacy protection. In accordance with ISO 27001, the Company has established an information security management policy and framework, joined the TWCERT/CC Information Security Alliance to build a joint defense mechanism, established an internal information security management system, and formed an Information Risk Management Committee to strengthen the Company’s overall information security defense and incident response capabilities, with the aim of providing customers with a secure and reliable digital environment.
Information Security Policy
- To ensure the continuity of the Company’s business operations and safeguard the stability of information services.
- To ensure the confidentiality, integrity, and availability of the Company’s information assets.
Structure of the Information Security Risk Management Committee
Sunon has established an Information Risk Management Committee, with the President serving as the Chief Convener, responsible for overseeing internal information security matters. Based on functional responsibilities, personnel from the information technology unit are organized into task groups, including the Information Security Implementation Group, Information Security Technology Group, and Information Security Audit Group, to coordinate the formulation and implementation of information security and protection policies, information security risk management, and compliance reviews.
In addition, heads of the administrative unit and relevant units of each business division serve as committee members to review and resolve information security and information protection policies, ensuring the effectiveness of information security management measures.
The Chief Convener of the Information Risk Management Committee regularly convenes information security management review meetings to examine implementation status and reports execution results and improvement measures to the Board of Directors.
The Company’s Information Risk Management Committee structure is as follows:
- Board of Directors
-
- Information Risk Management Committee
(The general manager serves as the convener) -
- Administrative Unit
- Information Unit
-
- Audit Team
-
- Internal Information Security Audit
- External information security audit
- Technical Team
-
- Network administrator
- System personnel
- Establishment Team
-
- Information Security Management
- Data Center Management
- Heads of various business units
- Information Risk Management Committee
Information Security Management Mechanism
In an environment where external information security threats continue to evolve, Sunon enhances overall information security and personal data protection through defense-in-depth and joint defense mechanisms, as well as strengthened cloud access control measures, to prevent major incidents and penalties, and to fully safeguard the Company’s information security reputation and image.
Through internal audits, third-party external audits, and information security management review meetings, the Company regularly evaluates and measures the effectiveness of its information security policies, and provides feedback to the Information Security Committee for further follow-up and improvement.
At the same time, the Company regularly conducts information security awareness campaigns, phishing and social engineering email drills, and information security management education and training. Information service providers are also required to sign confidentiality undertakings and information security compliance agreements, ensuring that employees and information service providers fully understand information security issues and jointly safeguard the Company’s information security.
▼ Sunon Information Security and Privacy Protection Awareness and Training: Content, Frequency, and Results
| Information Security Awareness and Training | Target Audience | Frequency |
Training Content |
2024 Implementation Results |
|---|---|---|---|---|
| Signing of information security agreement and onboarding information security training for new employees | New employees |
Upon onboarding |
New employees are required to sign the agreement upon reporting for duty, and the Human Resources Department explains the Company’s information security policies during onboarding training | All new employees completed the signing of information security agreements and received information security training |
| Information system security awareness for employees | All current employees | Monthly | Information security awareness emails | All employees received awareness emails |
| Signing of confidentiality undertakings and information security compliance agreements by information service providers | Information service providers | Upon service contract signing | Information security compliance requirements Confidentiality undertakings | ERP system maintenance vendors Hardware and software service providers |
ISO 27001 Information Security Management System
In addition to complying with domestic information security regulations, the Company’s information security operating procedures also incorporate international information security standards, with the aim of enhancing information security protection and aligning with global practices.
As of the end of 2024, Sunon’s Kaohsiung Headquarters, Kunshan Guangxing Plant, and Beihai Sunon Plant have all passed the international standard requirements for ISO/IEC 27001:2022 Information Security Certification. The Company will continue to strengthen its information security management mechanisms and defense capabilities, practice good corporate governance and corporate social responsibility, and enhance global customers’ trust in Sunon’s information security.
Annual Implementation Status
- ✓ Implementation status for Year 114
- ✓ Implementation status for Year 113
- ✓ Implementation status for Year 112
- ✓ Implementation status for Year 111
- ✓ Implementation status for Year 110
<Information Security Incidents >
With respect to the response to and handling of information security incidents, the Company has established an Information Security Incident Management Procedure. In the event of an information security incident, the Information Security Committee serves as the reporting window, and the incident must be resolved and eliminated within the target response time. After the incident has been handled, a review and analysis are conducted and corrective measures are proposed to prevent recurrence.
In 2025, the Company did not receive any information leakage complaints from competent authorities or third parties.