Purpose

1. Blockchain Technology Co., Ltd. (hereinafter referred to as "the Company") has established this policy to enhance information security management, ensuring the confidentiality, integrity, and availability of its information assets. This policy aims to provide a secure information environment for the continuous operation of the Company’s IT services while complying with relevant regulations, protecting against intentional or accidental internal and external threats.

Scope

1. This policy applies to all departments within the Company.

Definitions

1. Information Assets: Refers to hardware, software, services, documents, and personnel necessary for maintaining the normal operation of the Company's IT services.
2. Information Environment for Continuous Operations: Refers to the computer operating environment required to sustain the Company's business activities.

Objectives

1. The Company is committed to maintaining the confidentiality, integrity, and availability of its information assets while ensuring user data privacy. Through the collective efforts of all employees, we strive to achieve the following objectives:
   1. Protect the Company’s business information from unauthorized access or modifications to ensure accuracy and completeness.
   2. Establish a cross-departmental information security organization to formulate, promote, implement, and evaluate information security management measures, ensuring a secure information environment for continuous business operations.
   3. Conduct information security training to enhance employee awareness and responsibility regarding information security.
   4. Implement risk assessment mechanisms to improve the effectiveness and timeliness of information security management.
   5. Enforce an internal information security audit system to ensure proper implementation of security policies.
   6. Ensure that all business activities comply with relevant laws and regulations.

Responsibilities and Commitments

1. The Company’s management team is responsible for establishing and reviewing this policy.
2. The Information Security Committee implements this policy through appropriate standards and procedures.
3. All personnel and outsourced service providers must follow relevant security management procedures to maintain information security.
4. All personnel are responsible for reporting information security incidents and any identified vulnerabilities.
5. Any behavior that endangers information security will be subject to civil, criminal, and administrative penalties, or disciplinary action in accordance with the Company’s regulations.

Review

1. This policy shall be reviewed at least once a year to reflect the latest developments in government regulations, technology, and business practices, ensuring the Company’s sustainable operations and information security capabilities.

Continuous Improvement

1. The Company follows the PDCA (Plan-Do-Check-Act) cycle quality management model, establishing a systematic and documented management mechanism. Through continuous monitoring, regular audits, and periodic reviews, the Company aims to enhance the suitability, appropriateness, and effectiveness of its information security system.

Implementation

1. This policy shall take effect upon approval and announcement by the "Information Security Committee Convener." The same applies to any revisions.