Organization and Governance Policy

ESG Committee

WIN established the Corporate Social Responsibility Committee in March 2016 and renamed it as the ESG Committee in 2021. The role of the chairperson is filled by a Board director who also serves as a senior executive. The Committee has five ESG promotion teams whose members consist mainly of executives of Centers and Departments as shown in the figure below. The teams are dedicated to tasks in corporate governance, care for culture and humanity, innovative technology, sustainable environment, and corporate value chain. They are responsible for formulating objectives for and the execution of policies or systems for corporate governance, development of a sustainable environment, and protection of social welfare. The ESG Committee reviews the results of its operations at the end of each year and reports to the Board of Directors. The key points in the report at the end of 2021 included the performance of ESG missions, the plans and material topics for the advancement of the plan this year, and the goals for corporate governance, environmental protection, employee health and workplace safety, and charitable activities for the following year.

Corporate Sustainability Philosophy

Corporate Governance Promotion


Regulation: By establishing the "Corporate Governance Best Practices Principles," WIN promotes a sound corporate governance system, protects shareholders' interests, strengthens the functionality of the Board of Directors, and improves information transparency. WIN has established an effective corporate governance framework with functional committees under the Board of Directors, including the Audit Committee and Compensation Committee, to assist the Board of Directors by providing professional recommendations for governance.

Corporate governance supervisor: The Board of Directors approved the appointment of the corporate governance supervisor on May 14, 2019. The positions are held by assistant vice presidents with at least three years of experience in legal affairs. The main responsibilities are to provide directors with the data necessary for performing their duties, assist directors with regulatory compliance, and handle matters of Board meetings and shareholders' meetings in accordance with the law.

Major work was as follows:

  1. Acting as the secretary of the Board and the major contact between the Directors and the Company.
  2. Assisting Directors in performing their duties, providing meeting materials and information as they deem necessary, and facilitating communication between Directors and internal officers.
  3. Providing continuing education information to Directors and arranging training courses for them.
  4. Assisting in arranging communication between Audit Committee members, external CPAs, and the chief internal auditor.
  5. Setting up Board meeting agendas, calling the meetings, and providing meeting materials; reminding Directors in advance to recuse themselves if there is any conflict of interest; and providing meeting minutes within 20 days after the Board meeting.
  6. Assisting with shareholders' meeting affairs.

Education/training records:

| Date | Hosted by | Course Title | Hours |
|---|---|---|---|
| 03/24/2021 | Corporate Operation Association | "How to hold a good shareholders' meeting in 2021" lecture series - changes and case studies of shareholders' meetings | 3 |
| 09/01/2021 | Digital Governance Association | The impact of commercial courts on the operation of the Board and the execution of duties by Directors | 3 |
| 10/27/2021 | Corporate Operation Association | Intellectual property rights and Corporate Governance | 3 |
| 10/29/2021 | Corporate Operation Association | Practical cases and case analysis of Corporate Governance, Board of Directors and Compensation Committee | 3 |
| 11/05/2021 | Taiwan Corporate Governance Association | Case study of violation of security laws and the responsibilities of Directors and Supervisors (including insider trading) | 3 |
| 12/14/2021 | Corporate Operation Association | Operational practices of Board of Directors - management of agenda and minutes of Board meetings | 3 |
| Total number of course hours in 2021 | | | 18 |

Promotes a Culture of Integrity


Regulation: "Corporate Governance Best Practice Principles", "Ethical Corporate Management Best Practice Principles", "Guidelines for the Code of Ethical Conduct" and "Procedures for Ethical Management and Guidelines for Conduct".

Responsible unit: WIN shall designate the Human Resources Division as the responsible unit in charge of the amendment, implementation, interpretation, and advisory services with respect to these Procedures and Guidelines. The unit periodically submits a written report on the implementation status to the Board of Directors.

The responsible unit is to be in charge of the following matters:

  1. Assisting in incorporating ethics and moral values into the Company's business strategy and adopting appropriate prevention measures against corruption and malfeasance to ensure ethical management in compliance with the requirements of laws and regulations.
  2. Adopting programs to prevent unethical conduct and setting out in each program the standard operating procedures and conduct guidelines with respect to the Company's operations and business.
  3. Planning the internal organization, structure, and allocation of responsibilities and setting up check-and-balance mechanisms for mutual supervision of the business activities within the business scope which are possibly at a higher risk for unethical conduct.
  4. Promoting and coordinating awareness and educational activities with respect to ethics policy.
  5. Developing a whistle-blowing system and ensuring its operating effectiveness.
  6. Assisting the Board of Directors and management in auditing and assessing whether the prevention measures taken for the purpose of implementing ethical management are effectively operating, and preparing reports on the regular assessment of compliance with ethical management in operating procedures.

| Item | 2021 Objectives | 2021 Performance | Status | 2022 Objectives | 2030 Objectives |
|---|---|---|---|---|---|
| 1. Penalties for violations of the ethical corporate management policy by Company employees | 0 penalties for violations of the ethical corporate management policy by Company employees | 0 penalties for violations of the ethical corporate management policy by Company employees | Achieved | 0 penalties for violations of the ethical corporate management policy by Company employees | 0 penalties for violations of the ethical corporate management policy by Company employees |
| 2. Employee response rate to questionnaires on the ethical corporate management culture and policy | Employee response rate to questionnaires on the ethical corporate management culture and policy reaches 96% and above | Employee response rate to questionnaires on the ethical corporate management culture and policy reached 98.55% | Achieved | Employee response rate to questionnaires on the ethical corporate management culture and policy reaches 97% and above | Employee response rate to questionnaires on the ethical corporate management culture and policy reaches 100% |

Persons and hours of anti-corruption training

| Course Issue | Course enrollments | Course length (hours) | Total training hours |
|---|---|---|---|
| Corporate Governance | 5 | 7.5 | 13.5 |
| Culture of Integrity | 3,462 | 0.33 | 1,142.46 |
| RBA and Corporate Social Responsibility Statement | 4,162 | 1.33 | 1,842.46 |
| Total | 7,629 | 9.16 | 2,998.42 |

Proportion of employees that passed anti-corruption courses based on employee categories

| Employee category | Number of employees that completed training and responded | Total number of people | Percentage of employees that completed training and responded |
|---|---|---|---|
| Governance Unit (President and above) | 5 | 5 | 100.00% |
| Managers | 372 | 382 | 97.38% |
| Professionals | 1,382 | 1,423 | 97.12% |
| Technicians | 1,703 | 1,703 | 100.00% |
| Total | 3,462 | 3,513 | 98.55% |

Implementation Status of Prevention of Insider Trading


Regulation: "Corporate Governance Best Practice Principles" and "Procedures for the Prevention of Insider Trading".

Article 10 of "Corporate Governance Best Practice Principles": To protect its shareholders' rights and interests and ensure their equal treatment, the Company shall adopt internal rules prohibiting company insiders from trading securities using information not available to the market.
It is advisable that the rules mentioned in the preceding paragraph include stock trading control measures from the date insiders of the Company become aware of the contents of the Company's financial reports or relevant results, including prohibition of Directors from trading securities during a blackout period, which is the 30 days before the announcement date of its annual financial report and the 15 days before the announcement date of its quarterly financial reports.

Article 6 of "Procedures for the Prevention of Insider Trading": The Company's insiders shall exercise the due care and fiduciary duty of a good administrator and act in good faith when performing their duties, and shall sign confidentiality agreements. No insider with knowledge of material inside information of the Company may divulge the information to others.
No insider of the Company may inquire about or collect any non-public material inside information of the Company not related to their respective duties from a person with knowledge of such information, nor may they disclose to others any non-public material inside information of the Company of which they become aware for reasons other than performance of their duties.

We conduct education and awareness activities for the Board of Directors and employees at least once each year. We organized related courses for the Board of Directors and senior managers on Nov. 5 and Nov. 9, 2021, which included Securities Fraud (Insider Trading) and Responsibilities of Directors and Supervisors. We organize related courses for new employees each year to educate them on the Company's core value of "integrity and accountability." At the end of the year, we promote the policy of integrity and RBA to raise employees' awareness of "integrity and accountability."

Risk Management


Regulation: The Board of Directors of WIN is the highest management unit responsible for the Company's operating risk. With the assistance of the Audit Committee, the Board controls and manages the existing or latent risks of the Company, including establishing internal control systems and implementing internal auditing. The "Rules for Risk Management," which include the organizational framework and risk boundaries, were established and approved by the Board of Directors to reduce the possibility of risk occurrence and mitigate the impact of risk-induced damage. The implementation status is reported to the Board of Directors yearly.



The responsible units in the risk management organization proposed 86 risk factors in 2021.

According to the evaluation in 2021, no items required immediate improvements. Items that may be improved based on actual conditions consisted mainly of irregularities in key equipment, shortage of main materials, insufficient production capacity, updates of labor laws, and infringement of intellectual property rights. The responsible units shall propose prevention and recovery plans and test the effectiveness of emergency response plans each year. These items shall remain listed as medium to long-term risk management items and the Company shall continue to execute emergency response mechanisms.

WIN conducts sensitivity analysis and stress tests for risk items including financial issues such as exchange rate and interest rate fluctuations, interruption of water supply caused by climate factors, interruption of the supply of main materials and chemical leaks caused by fire, and information security risks.

Information Security


Purpose: With continuously evolving technology, information security management becomes even more complex. Maintaining information security and protecting confidential information is one of WIN's core values and long-term goals for maintaining competitiveness. Adhering to this philosophy, we actively promote the information security management system and organization to protect the confidentiality, integrity, and availability of information assets to ensure sustainable operations.

Information Security Governance Organization

  • WIN established the Information Security Management Committee, with Steve Chen, General Manager of Corporate Administration, serving as the top manager and chairperson of information security, and cross-departmental representatives from the CEO Office, the Monolithic Microwave Integrated Circuit BU, the Optoelectronic Device Development BU, the Operation & Manufacture Unit, the Quality Assurance Unit, the Auditing Department, the Legal Affairs & Public Relation Department, the Material Management Department, the Cyber Risk Management Department, and the Information Technology Department serving as committee members. The committee provides the necessary resources for the implementation of the information security system, coordinates the Company's information security strategies and goals, and ensures the effective implementation of relevant measures.
  • WIN established an Information Security Task Force under the Information Security Management Committee, with the manager of the Cyber Risk Management Department serving as the secretary-general, to drive various information security operations. To ensure the smooth operation of the information system and information security, the manager of the Information Technology Department serves as the leader of the Information Security Incident Reporting and Handling Team, the manager of the Information Risk Management Department serves as the leader of the Information Security Team, and the manager of the Auditing Department serves as the leader of the Information Security Audit Team. The Auditing Department lists information security as an annual audit item and reports the results of the audit to the Audit Committee and the Board of Directors respectively to ensure the effectiveness of the information security management system.

Information Management Strategy and Framework

Information Security Policy

• Purpose
The information security policy includes regulations on the operations of information security measures to protect the safety of information assets, ensure their confidentiality, integrity, and availability, and thereby ensure the Company's overall competitiveness and gain customers' trust.
• Targets
1. Avoid disclosing information to unauthorized personnel to maintain information confidentiality.
2. Prevent information from being tampered with by unauthorized personnel to maintain the integrity of information.
3. Allow lawful users to obtain information when they need it.
4. Comply with information security related laws and regulations.

Information Security Statement

I. The Company's management team has declared its determination to support information security, continue to improve the information security management system, and mitigate the potential impact of information security incidents to protect the rights and interests of our customers.
II. Suppliers and their employees, contractors, and personnel of outsourced vendors who have business relations with the Company must abide by the Company's Information Security Policy and related information security regulations and bear the responsibility of protecting information assets obtained from the Company or used for work purposes to prevent unauthorized access, tampering, destruction, or improper disclosure.
III. Suppliers and their employees, contractors, and personnel of outsourced vendors who have business relations with the Company must cooperate with the information security assessment and auditing operations stipulated by the Company to ensure continuous and effective operation of the information security management system.
IV. The development, modification, and maintenance of all information systems must comply with relevant information security regulations and the Company's Information Security Policy.
V. Suppliers and their employees, contractors, and personnel of outsourced vendors who have business relations with the Company shall remain vigilant at all times and report information security incidents, security vulnerabilities, and those in danger of violating the security policy and regulations at the time of discovery in accordance with the procedures.

Specific Management Plans

The Company has obtained management's commitment and support for the establishment of an information security management system. We continue to adopt the PDCA process to regularly review and update the documentation of the Information Security Policy and information security system in a timely manner and manage the retention of relevant records. We regularly identify information security risks and inspect information security key performance indicators (KPIs) to maintain the effectiveness of the information security management system and management procedures and prevent and reduce information security incidents.



• Organization of information security:
We established an information security management organization to supervise the operations of the information security management system, and identify the internal and external issues of the information security management system as well as the requirements and expectations of stakeholders and related groups.
• Communication security:
We established communication security related management regulations for the management of the company network and related equipment, in order to maintain the security of information transmission.
• Human resources security:
We established related operating procedures, signed documents, and implemented information security education, training, and promotion to improve employees' understanding of information security.
• System acquisition, development, and maintenance:
To ensure that the required information security items are inspected in the application system analysis, design, development, testing, launch, and maintenance phases, and in the purchase/outsourcing of systems, we established regulations for the management of system acquisition, development, and maintenance.
• Asset management:
We compiled and periodically maintain a list of the Company's information assets, classified the information assets, and established corresponding procedures for management, in order to properly protect the Company's information assets.
• Supplier relationships:
When outsourcing information system services, we require compliance with Company regulations and a signed non-disclosure agreement, establish management requirements for supplier relations, and restrict and manage related access rights.
• Access control:
We established related control processes and procedures for access control, and periodically verify the access and usage of information assets, to prevent information assets from being misused for any reason.
• Information security incident management:
We established measures for reporting, handling, and preventing subsequent developments of information security incidents, and established complete handling processes and procedures for information security incidents.
• Cryptography:
To protect the Company's highly confidential data from being accessed by unauthorized personnel, the data is encrypted and goes through strict controls. Standards are established for the certificate used for encryption to strengthen information security.
• Business continuity management:
We assessed the risk of system interruption causing business suspension, and further developed response, backup, and recovery plans for main information and infrastructure of the information security management system. We also conduct periodic drills.
• Physical and environmental security:
The Company's physical areas are classified based on the level of confidentiality, and corresponding management procedures or control measures are established to protect the safety of information assets.
• Compliance:
WIN and its employees are required to comply with information security related laws, regulations, and contractual obligations, as well as the information security requirements of the Company. We periodically conduct information security audits to ensure the implementation of information security related control measures.
• Operation security:
We established standard operating procedures for changes to the operating platform, prevention of computer viruses and malware, data backup, system monitoring, and system vulnerability management, in order to maintain the normal operation of information systems.

Information Security Progress and Results

Policies and regulations:
• Maintain 19 policies and regulations related to information security

Information risk assessments:
• Inventory information assets and complete information risk assessment twice a year

Information security promotion and education:
• 100% of new employees completed the basic information security courses
• Made 5 public announcements to remind employees of the code of conduct for information security and to be alert to external attacks
• 4 social engineering drills per year for all employees

Operational continuity:
• Perform system recovery testing exercises for 2 important systems each year and conduct reviews based on the results of the testing exercises

Internet and system security:
• Establish and maintain comprehensive gateway control devices, anti-virus systems, network access control systems, system weakness enhancements, and file encryption systems and mechanisms, and implement rigorous access control and management for customer data and files
• Perform system vulnerability scans and penetration tests for external service systems twice a year

Information security indicators:
• Establish 20 information security KPIs to confirm the effectiveness of information security implementation

Information security audit and certification:
• Perform internal information security audits twice a year
• Obtained ISO/IEC 27001:2013 information security certification

Information security incidents:
• No information security incidents have made a major impact on the Company's operations and no cases of leakage of customer or confidential information

ISMS Certifications

To verify that the information security policy and specific management plans have been implemented effectively, WIN complies with the ISO 27001:2013 standard and is audited by an external accredited registrar to obtain certification.

IS Certification

ISO 27001 Certification

Intellectual Property


Regulation: “Intellectual Property Rights Management Regulations”.

1. Intellectual Property Rights Management Plan
As a leader of compound semiconductors in Taiwan, WIN is committed to the development and innovation of 5G/6G, key optical component technologies, and advanced manufacturing processes, which will achieve the Company's competitive edge in wireless communication, key optical components technologies, and semiconductor wafer fabrication sectors. We continue to obtain high-quality patents in key technical fields and ensure that the acquisition, protection, maintenance, and utilization of intellectual property comply with relevant regulatory requirements to avoid intellectual property infringement. We established the Intellectual Property Rights Management Regulations to manage the acquisition, maintenance, and utilization of patents, trademarks, publications, and trade secrets.
WIN established an Intellectual Property Management Committee (IPC) that encourages employees to disclose R&D results through IP proposals and patent allowance incentives to embody the intellectual property into patents, trade secrets, and papers.
WIN established an intellectual property disclosure system. Before the IPC decides to apply for a patent or treat it as the Company's trade secret, a patent engineer will evaluate the patentability of each IP proposal and ensure that the content of the proposal does not infringe on patents of any third party and contract agreements. Moreover, we enhance the Company's patent strategy to improve overall patent strength and increase the Company's competitiveness in the wireless communication and optical semiconductor wafer manufacturing sectors.

2. Status of the Operations

  • Amended the Intellectual Property Rights Management Regulations in December 2019.
  • Promoted the policy of Trade Secrets for all employees in December 2020.
  • Promoted the policy of Intellectual Property Rights for all employees in December 2021.
  • Presented the status of the Intellectual Property to the Board of Directors on December 24, 2021.
  • 181 patents were obtained as of the end of 2021.
