TIPS Implementation Status in 2024

Walsin Lihwa implemented the Taiwan Intellectual Property Right Management System (TIPS) to Yenshui plant and headquarter in 2020 and Hsinchuang plant is then joined in 2021. Walsin Lihwa continued to acquire the TIPS (level A) certification in 2023. To further improve the internal control of intellectual property management in Walsin Lihwa, in 2024, we built up automatic information connection among different plant in accordance with the automation and systemization promotion. Also, establish management measures for copyrights and trade secrets, aiming to enhance the scope of intellectual property management. The intellectual property right management policies and the targets are planned according to the TIPS regulation 5.2 and 5.3. The implementation status and annual plan are reported at a board meeting on November 8, 2024.

Intellectual Property Management Plan

• • Intellectual Property Right Management Policies
    1. R&D for innovation and competitiveness enhancement,
    2. Employees’ awareness of intellectual property rights for more effective intellectual property right management.
    3. Confidential document management, and
    4. Execution corporate governance with compliance

    ※ The targets and implementation status according to the intellectual property right management policies, are listed in the “Annual implementation status and achievement ”section.

• • Intellectual Property Management Measure
  • Since the implementation of TIPS in 2020, Walsin Lihwa has continuously conducted sampling inventories of its patents, trademarks, copyrights, and trade secrets. Additionally, measures to encourage innovation, execute periodically IP training, improve IP management and contract review are taken with systematization and automation.
    Management processes of IP risk assessment, proposal review of IP right application, IP right protection evaluation, Infringement handling procedure and attentions for the outsourcing of intellectual property affairs are regulated as intellectual property management measure. Furthermore, Walsin Lihwa refined management measures for trade secret and copyright and reconstruct process of R&D cooperation with external company or academic institute with additional regulation such as controlling unit and check points this year, which is scheduled to be executed in 2025 for the purpose of fully Intellectual Property rights protection.
    In the future, Walsin Lihwa will review the intellectual property right management policies and adjust targets and intellectual property management regulations annually in accordance with operation strategy and the changes in government policy and market. Also, to ensure the management system operated effectively, Walsin Lihwa will review our intellectual property management and improve the management system through TIPS verification, in case of potential risk and IP related dispute.

Annual implementation status and achievement

• • IP Management Targets and Implementation Status

  No.	IP Management Targets	Implementation Status
  1	To organize training sessions to all employee with topics of intellectual property and TIPS	Online training sessions of intellectual property and TIPS were provided to all employee at 1st, August.
  2	Improve IP management system to connect to systems of plants with automatically information synchronization	System connection to Yensui plant and automatic synchronization was set up.
  3	5 patent applications filed before end of 2024	12 patent applications are filed in 2024.
  4	Protection of R&D cooperation with externals – Amend the “Industry-Academia Cooperation Management Measures” and corresponding regulations	Amendment of “Industry-Academia Cooperation and Outsourcing R&D Management Measures” was filed in October and amendment of corresponding regulation “Patent, copyright and trade secret management measures” is completed.
  5	To organize training sessions to all employee with topics of trade secrets and confidential obligations	Online training sessions of trade secrets and confidential obligations were provided to all employee at 1st, July.
  6	Made an inventory of confidential documents and present management improvement	The confidential documents were reviewed during October to early November and present management improvement suggestion.
  7	At least 1 trade secrets registered in internal system and present management improvement	1 trade secret case registered in 2024 and present management improvement suggestion.
  8	Report the execution status of TIPS to the board of directors and disclose it on Walsin official website	The execution status of TIPS was reported to the board of directors at 8th, November and it will be disclosed on Walsin official website before end of December.

  • Achievements of Intellectual Property acquisition
  • In 2024, 9 patents are granted. Walsin Lihwa have file 12 global patents based on 4 R&D proposals. As of December 31th, Walsin Lihwa have 37 granted patents, including 26 inventions, 8 utility models and 3 designs; 30 pending patent applications, including 27 inventions and 3 designs; 197 registered trademarks and 7 pending trademark applications. The global IP layout is as following figure.
    
  • Advantages and contribution of IP to cooperation operation
    1. Enhancement of IP protection: Continuing implementing IP knowledges to employees with IPR and Confidentiality related training session and providing assistance of suitable equipment and measures such as document leveling management to raising confidential awareness while executing works.
    2. Global operation layout: Aligning with the group internationalization strategy, integrating technology and brand layout, and achieving high-value products and services.
    3. R&D process improvement: Strengthen the R&D project-oriented R&D process and provide a reasonable reward system to increase the willingness of R&D employee for invention and patent application, so as to increase the company’s R&D and intellectual property capabilities.
    4. Corporate governance transparency: Disclose the implementation status of the intellectual property management plan on Walsin Lihwa official website to demonstrate the effectiveness of intellectual property management.

• • TIPS verification
  • Walsin Lihwa passed TIPS Level A verification last year and the TIPS Level A certificate is valid through December 31, 2025. On 10th April, 2024, Walsin Lihwa successfully passed the TIPS Level A spot check.

• • Potential IP risk type and Countermeasures
  • To ensure the R&D achievement and the corresponding rights are protected, preserve its economic values and prevent the IP right infringement, the IP risk type and countermeasures are listed below:

    IP risk type	Countermeasures
    Patent	• Patent risk evaluation in R&D process • Encourage R&D employee to propose patent application
    Trademark	• Strengthen control power of trademark application, maintenance and usage
    Confidential information management	• Strengthen and implement IP training for employee • Improve confidential mark usage • Attention for reviewing contract with external vendors

Prospects for Intellectual Property Management

Looking forward to the future, Walsin Lihwa expects to encourage internal R&D energy, protect technology and R&D results by establishing a complete intellectual property management system. With Industry 4.0 implementation, process is gradually optimized, product innovation is promoted and upgraded, thus leads smart manufacturing and the high-value transformation strategy is realized. Furthermore, obtain the trust of financial institutions and investors by disclosing the energy of intellectual property. With complete information, customers and investors would correctly evaluate the true value and competitiveness of Walsin Lihwa. Based on Industry 4.0, stick to energy conservation and environmental protection and invent product and technology for environmental sustainability. Realize environmental friendly and society caring achievement and which meets the purpose of sustainable company operation.

In response to the increasingly severe cybersecurity threats, Walsin has implemented high-standard cybersecurity defense in depth based on the NIST CSF and CISA ZTA frameworks. This approach effectively identifies the information security risks faced by the enterprise and promptly applies effective control measures to reduce information security risks.

Walsin will continue to optimize cybersecurity protection by introducing an integrated cloud and on-premises security management framework, gradually transitioning information systems and backup mechanisms to the cloud. This will enhance operational efficiency and the level of cybersecurity, supporting the realization of the “net-zero carbon emissions” goal.

1. Risk management framework for information and communications security

To build a “digitally sustainable” information system architecture and promote the corporate goal of “digital transformation,” Walsin Lihwa has promoted an information security strategy plan centered on “strengthening information security resilience” by establishing an overall information security protection platform, perfecting information security technical protection measures, demonstrating proactive defense capabilities, and laying the foundation for digital sustainability.

• Dedicated Information Security Organization: Walsin Lihwa has established a dedicated information security organization and, in 2022, appointed a Chief Information Security Officer (CISO), an information security manager, and two or more dedicated information security personnel. The division is responsible for formulating information security policies, planning, coordinating and implementing information security protection measures, performing information security risk assessment and management, developing a complete information security plan, and promoting information security management and solutions year by year.
• Participation of Senor Executives: The Company has established the IT Steering Committee, which is the information security management and decision-making body for the head office and business units, and is responsible for reviewing and deciding on matters related to information security management. There are also several members on the Board of Directors with backgrounds in information security in the Audit Committee to supervise and review the promotion of information security policies.
• Implementation of Information Security Management: In 2022, Walsin Lihwa implemented ISO 27001 Information Security Management System (ISMS) and obtained certification from a third-party certification body to fully manage its information security through PDCA. In 2024, Walsin successfully obtained the new ISO 27001:2022 certification, further strengthening the security protection of threat intelligence, configuration management, and cloud services. We have built up the confidentiality, integrity, and availability of information security management system of our organizations comprehensively, and strengthened our information security management continuously through different management plans in such aspects as prevention beforehand, monitoring during the event, and response after the event.

2. Information Security Policies and Goals

The goal of information security at Walsin is to maintain the confidentiality, integrity and availability of sensitive information, such as customer data and business information. Therefore, all of our employees, internal and external information service users and third-party outsourced service providers should work together to follow and achieve the following policies and objectives:

• To protect the Company’s confidential information from being accessed, altered, or damaged in an unauthorized way or improperly disclosed, in accordance with various laws and regulations.
• To protect information on the Company’s business activities from unauthorized access or disclosure, and to ensure the accuracy of all business information.
• To establish a complete business continuity plan and information security incident management procedures, to ensure that incidents are responded to, controlled and handled properly, and by conducting regular drills, to ensure the continuous operation of information systems or services.
• To handle and protect personal information and intellectual property rights in a prudent manner in accordance with the relevant domestic and foreign regulations in respect of the Personal Information Protection Act and the intellectual property law.
• To perform regular information security compliance audits to review the implementation of the information security management system.
• All employees shall maintain a high level of information security awareness at all times, and supervisors at all levels shall assume ultimate responsibility for information security supervision, management and 159 training, to achieve the goal of reducing the risk of information use through various activities, such as management review, risk assessment, internal audit, education and training, and information security drills.
• All staff of the Company shall follow information security policies, management practices and standard procedures, and violations of information security policies and related regulations shall be handled in accordance with relevant laws and regulations or the Company’s regulations.

3. Construction of the resilience of corporate information security and implementation of information security management

• We have drafted information security plan to promote information security policy year by year, to introduce information security system and process specification, and to continuously establish complete information security technical protection measures.
• The specific management plan will be gradually achieved in five stages, “Internal and External Segregation”, “Physical Fitness”, “Insight”, “Smart Security”, and “Behavior Analysis”, with four components, “IT Governance”, “Data and Device Protection”, “Network and System Control”, and “Boundary Defense”.
• The specific management plans:
  1. Planning and establishing data protection mechanisms to reduce risk of leaking confidential information.
  2. Continuously introducing advanced information security solutions to effectively protect and manage system, host and network behavior.
  3. Strengthening external information service protection to enhance the ability to block hacker attacks.
  4. Regularly organizing educational training to promote new information security knowledge and to raise employees’ awareness of information security.
  5. Regularly conducting disaster preparedness drills for important systems, so that in the event of a disaster, operations may be quickly resumed to ensure the company’s operational sustainability.
  6. Improving the protection capability of endpoints, servers and network devices by introducing Endpoint Detection and Response (EDR).
  7. Introduction of information security monitoring mechanisms (SOC) to establish effective real-time incident handling and response capabilities.
  8. Walsin Lihwa introduced the ISO 27001 Information Security Management System (ISMS) in 2022 and obtained certification from a third-party verification institution, thereby implementing information security management with PDCA. We have comprehensively built the confidentiality, integrity, and availability of the organization’s information security management system, and according to different management planning in the aspects of prevention, monitoring, and response, in order to assist the enterprise in continuously strengthening information security management.
  9. Strengthening cloud information security management and achieving ESG digital sustainability purposes through ZeroTrust.
  10. Introduce AI automation technology to assist in information security detection and protection.
  11. Conduct information security vulnerability analysis and proactively implement protective measures.
  12. Formulate the “Information Operation Outsourcing Management Measures” and the “Walsin Lihwa Information Security Standards” to clearly define the standards that information suppliers must follow, and to specify information security commitments and audit rights in contracts.

4. Investment in cyber security management resources

The corresponding information security management issues and the resources to be invested are summarized as follows:

• Major issue: “Information Security Management” was included as one of the “Major Issues” in the Company’s sustainability report for 2024.
• Dedicated organization: A dedicated information security organization, “Information Security and System Operation & Maintenance Division,” was established and a Chief Information Security Officer (CISO), an information security manager, and two or more dedicated information security personnel were appointed, responsible for drafting and amending information security policies, as well as planning, coordinating, and executing information security protection measures.
• Management review: The IT Steering Committee holds at least one management review meeting annually to audit the information security policy and its implementation and execution, in order to ensure the effectiveness and appropriateness of the standardized information security policy in compliance with relevant laws and the requirements of competent authorities.
• Information security certification: We pass the ISO27001 Information Security Management System (ISMS) certification annually, while there are no significant deficiencies in our related information security audits.
• Stakeholder issues: In 2024, no major cyber security incidents or confidential information leakage occurred, nor did any other event cause losses to the Company and its customers.
• Advocacy and training: The Company continues promoting a month-long information security awareness campaign annually, as well as implementing mandatory information security education training courses for all employees. In 2024, the number of participants exceeded 2,500. In 2024, 12 email social engineering drills were conducted, with more than 2,500 participants, and colleagues who failed the social engineering drills were required to participate in online information security courses and complete the test. Walsin is committed to implementing and executing cybersecurity incident reporting management and drills.
• Information security regulations: In addition to revising all information security regulations in 2022, three and 13 information security regulations were revised in 2023 and 2024 respectively to comply with domestic and international legal requirements and respond to changes in the external environment.
• Information security testing: Four third-party information security risk testing operations were conducted in 2024.

In 2024, no major cyber security incidents or confidential information leakage occurred, nor did any other event cause losses to the Company and its customers.

ISO 27001 Information Security Management System

Business Continuity Management Policy

The Procedures for Handling Material Inside Information and Prevention of Insider Trading of Walsin Lihwa are adopted to establish sound mechanisms for the handling and disclosure of material inside information to prevent improper information disclosures, ensure the consistency and accuracy of information released by the Company to the public, and prevent insider trading.
Moreover, to strengthen stock trading control measures, the Company may amend the Procedures for Handling Material Inside Information and Prevention of Insider Trading based on its Corporate Governance Best Practice Principle. The 2023 implementation status is tabulated as below.

Walsin Lihwa has been promoting relevant laws and regulations against insider trading to its board of directors and executives above managers every year.

Implementation of Internal Promotion in 2023 (online and offline courses totaling 1 hours)

Supply Chain Policy

Walsin Lihwa’s “Supplier Management Measures”, “Supplier Social Responsibility Performance Appraisal Principles”, and “Sustainable Procurement Management Measures” ensure suppliers meet quality, cost, timely delivery, and service quality requirements. There are also written evaluations and field inspections to ensure suppliers’ social responsibility commitment in terms of environmental protection and human rights to promote supply chain sustainability development.

In order to implement supplier management effectively and create a sustainable supply chain, Walsin developed short-, medium-, and long-term targets based on three major aspects as shown above, and identified key suppliers based on the “Supplier Management Measures” formulated by Walsin Lihwa, examines factors such as procurement value, importance, influence, uniqueness, and strategic cooperation. In the meantime, through the exchange of various information and practical operations, we continue the promotion, expand the scope and depth of sustainable management policy and resilient supply chain, and promote towards common values and goals.

Key Supplier Identification

To implement effective supplier management, during the identification of key suppliers Walsin Lihwa takes into account considerations such as important raw materials, materials, assets and equipment, project contracting, waste treatment, and outsourcing; in accordance with the “Supplier Management Measures” formulated by Walsin Lihwa, the Company also examines factors such as procurement value, importance, influence, uniqueness, and strategic cooperation when selecting key suppliers. Out of a total of 5,413 suppliers ^{Note 1} , 503 have been selected as key suppliers ^{Note 2} , which account for 64.92% of total procurement value. These key suppliers are also the targets for the promotion of supply chain resilience and strengthening supplier corporate social responsibility.

Note 1: Suppliers are defined as companies that are documented, paid, and managed in accordance with the procurement process and have records of goods received in the current year, excluding duplicate suppliers within affiliated entities and different factory locations.
Note 2: Includes suppliers of the Taipei Head Office, Wire and Cable Business Group (Hsinchuang Plant, Yangmei Plant, Shanghai Walsin), Stainless Steel Business Group (Yenshui Plant, Taichung Plant, Yantai Walsin, Changshu Walsin, Jiangyin Walsin (Specialty Alloy Materials), Real Estate Business Group, Walsin Precision, and European stainless steel suppliers. If excludes the European stainless steel suppliers, out of a total of 4,083 suppliers, 139 have been selected as key suppliers, which account for 60.19% of total procurement value.

Implementation of Supply Chain Management

Supplier’s Undertaking
Sustainable Raw Materials Policy

Prohibited Use of Conflict Minerals

To enforce the policy of prohibiting the use of conflict minerals, we require suppliers to voluntarily disclose the sources of their minerals, to ensure that their procurement does not originate from conflict-affected or high-risk areas and complies with customer and regulatory requirements. And the priority is given to sourcing from qualified facilities validated by the Responsible Minerals Initiative (RMI), or due diligence is conducted using RMI’s reporting templates—the Conflict Minerals Reporting Template (CMRT), the Extended Minerals Reporting Template (EMRT), and the Additional Minerals Reporting Template (AMRT), to eliminate the possibility of using conflict minerals.

RMI Facilities Lists：https://www.responsiblemineralsinitiative.org/facilities-lists/
CMRT：https://www.responsiblemineralsinitiative.org/reporting-templates/cmrt/
EMRT：https://www.responsiblemineralsinitiative.org/reporting-templates/emrt/
AMRT：https://www.responsiblemineralsinitiative.org/reporting-templates/amrt/

Suppliers’ Commitment to Sustainability and Self-Assessment

To enhance suppliers’ awareness of and commitment to sustainable development, suppliers of the Taiwan and Mainland China plants are required to sign the “Supplier’s Undertaking” and ensure that they comply with related management regulations, and suppliers would evaluate their own management status and fill in the “CSR sustainability self-assessment form”. The assessment items include economic, social, and environmental aspects. The sustainability management of suppliers is analyzed based on the assessment results, Walsin will give priority to those with better ESG performance for transactions; however, if the assessment is a “high-risk supplier”, Walsin’s safety and environmental unit will conduct on-site review and counselling in the following year of the assessment.

Suppliers are also required to improve their deficiencies within the stipulated time to meet the minimum ESG requirements.

If there is no improvement, the procurement ratio will be gradually reduced depending on the situation or they will be included as unqualified suppliers. Once listed as unqualified suppliers, they will no longer be eligible Sign a contract to make a deal.

For more information, please visit the sustainability website: https://esg.walsin.com/en