Corporate Governance

Taroko

Information and Communication Security Management

To enhance the Company’s information security protection and management mechanisms, and to ensure the confidentiality, integrity, and availability of information assets during transmission and usage, this policy has been established. It also aims to comply with Article 9 of the “Regulations Governing the Establishment of Internal Control Systems by Public Companies” regarding control operations for computerized information systems.

  • To oversee the Company’s information and communication security operations, regular reports are presented to the Board of Directors regarding the status of information security management and auditing.

    The most recent report was submitted to the Board on November 10, 2025, with the summary of the 2025 information security operations presented as follows:

Information and Communication Security Management Framework

The Information Department is the designated unit responsible for information security at our company. It includes one IT supervisor and several professional IT engineers. Their duties include formulating information security policies, planning and implementing information security measures, and executing related operations.

The cybersecurity team regularly reports its progress to the General Manager and Chairman, and annually presents cybersecurity governance matters to the Board of Directors. Internal control mechanisms for information operations are audited to ensure confidentiality, integrity, and availability of information. A proactive monitoring and defense framework is being developed to reduce the risk of internal data breaches or damage. The company also conducts annual IT audits in collaboration with external auditors; any deficiencies identified are immediately addressed and improvement actions are tracked.

Information and Communication Security Policies and Management Plans

To enhance ICT security and protect the confidentiality, integrity, and availability of information from internal and external threats, the company has established six major areas of security infrastructure and management:


(1) Computer Equipment Security Management

  1. All servers and equipment are located in a dedicated server room with access control via card swipes and detailed entry/exit logs. Third-party technicians must be accompanied by IT personnel and logged upon entry.
  2. The server room is equipped with independent air conditioning and fire extinguishers suitable for electrical and general fires.
  3. UPS (uninterruptible power supply) systems and voltage regulators are installed and connected to the building’s generator to prevent downtime from unexpected power outages.
  4. A log server has been implemented to retain critical system logs for over six months, complying with TWSE/TPEx cybersecurity guidance.

(2) Network Security Management

  1. Corporate-grade firewalls are deployed at network entry points to block unauthorized access.
  2. Site-to-site encrypted connections are used between the Taichung and Hsinchu server rooms and the Taipei offices to protect data transmissions.
  3. Penetration testing and vulnerability scanning are conducted in April and October annually for core systems, and high-risk vulnerabilities are patched promptly.

(3) Anti-Virus Protection and Management

  1. All servers and employee terminals have antivirus software installed that automatically updates virus definitions and detects potentially malicious executable files.
  2. Infected devices are isolated or cleaned immediately, and risk reports are generated to facilitate incident response.
  3. In 2025, the company plans to introduce endpoint protection and behavioral detection systems to block malicious behavior and prevent ransomware attacks.

(4) System Access Control

  1. System access is granted only after formal application and supervisor approval. The IT department assigns user accounts and roles based on submitted requests.
  2. Passwords must meet complexity standards and include a mix of letters, numbers, and special characters.
  3. Employee account access is revoked upon resignation or leave through coordination with IT.
  4. In 2025, the company plans to introduce a Privileged Access Management (PAM) system, requiring pre-authorization, real-time monitoring, and post-operation audit reporting for critical system operations.

(5) Ensuring Stable System Operations

  1. Data Backup: Backups are performed regularly. In addition to the main backup at the data center, secondary backups are stored both locally and in Hsinchu.
  2. Disaster Recovery Drills: Annual drills are conducted to restore systems from backup media and ensure the accuracy of restored data via user confirmation.
  3. Network Redundancy: Two leased lines from telecom providers operate in parallel with bandwidth management to ensure uninterrupted communication.

(6) Cybersecurity Awareness and Training

  1. Regular Awareness Campaigns: Employees are reminded to regularly update complex passwords and avoid phishing attacks. Social engineering tests are conducted periodically.
  2. Training Seminars: Periodic in-house training sessions are held on information security.
  3. Security Resources Investment:
    • Hardware: Firewalls, email anti-virus, managed switches.
    • Software: Backup management software, VPN authentication.
    • Telecom: Multiple lines, host backup, intrusion prevention services.
    • Personnel: Daily system monitoring, weekly backups with offsite storage, biannual security training, annual disaster recovery drills, internal IT audits, and third-party audits.
    • Cybersecurity Staff: A dedicated cybersecurity officer and team manage architecture design, operations, incident response, and policy revisions. The cybersecurity officer reports to the board at least once annually.

Corporate Governance Contact

Spokesperson
General Counsel / HSU,CHUN-CHI
Email: jerryhsu.trk@gmail.com

Acting Spokesperson
Equity Manager / Kelly Lo

Phone: 04-36118888#6661
Email: kelly.lo@trkmall.com.tw

Reporting and Complaint Mailbox

Email: auditcommittee@trkmall.com.tw

Risk Management Policy

To strengthen corporate governance and enhance the company’s risk management framework, this policy is established to reasonably ensure the achievement of the company’s strategic objectives and the sustainable operation and development of the enterprise.

For the complete policy, please refer to the Company’s Risk Management Policy and Procedures.

Risk Management Organizational Structure

| Department | Key Responsibilities |
| --- | --- |
| Board of Directors | The Board of Directors is accountable to shareholders and oversees the company’s governance system, ensuring that all operations are conducted in accordance with laws, the Articles of Incorporation, and shareholder resolutions. |
| Sustainability Development Committee | This committee leads the following efforts as its primary purpose: promoting corporate governance, fostering a sustainable environment, advancing social welfare, and strengthening the company’s sustainable development framework. |
| Audit Office | Responsible for evaluating the company's internal control system, providing analyses and improvement suggestions, verifying compliance with legal and internal policies, and enhancing management performance. |

Risk Impact Assessment Criteria Table (Impact Level)

Risk Likelihood Assessment Criteria Table (Probability Level)

Risk Evaluation Standards

Risk Management Implementation Status

To promote and implement an effective risk management mechanism, the Company reports the status of its risk management operations to the Board of Directors at least once per year.
The most recent report was presented at the Board meeting on November 10, 2025, and the key activities carried out in 2025 are summarized as follows:

Intellectual Property Management

To expand domestic and international markets and enhance brand value, the Company has established a sound intellectual property (IP) management system, strengthened employee awareness of IP protection, and formulated an IP management plan aligned with operational goals.

Trademark and Patent Management

In accordance with the Company’s internal control regulations titled “Acquisition, Maintenance, and Utilization of Intellectual Property Rights”, relevant departments evaluate and propose the necessity of IP rights. The IP management team collaborates with external law firms to handle application, maintenance, and utilization procedures for trademarks and patents.

Copyright and Trade Secret Management

Based on the “Employment Agreement” and the “Intellectual Property and Confidentiality Undertaking”, the following are agreed with employees:
(1) Copyright Clause: Defines the ownership of works created during the course of employment, which remains effective even after termination of employment.
(2) Confidentiality Clause: Includes obligations for the return of company data upon resignation and ongoing duties to maintain confidentiality.

External Management

All cooperation contracts with external vendors include warranty clauses for non-infringement of rights, requiring business partners to ensure that their performance does not infringe on any third party’s trademark rights, patent rights, copyrights, trade secrets, or other legal rights.

Implementation Status

To continuously promote IP-related measures, the Company reports its implementation status to the Board of Directors annually. The most recent report was presented on November 10, 2025, with the following updates:

Trademark and Patent Status Overview (as of October 31, 2025)

Taiwan:
A total of 25 trademark registrations have been filed and maintained in Taiwan.

China:
A total of 4 trademark registrations have been filed and maintained in China.

United States:
Two trademark applications are currently in process:

  • Taroko and Device Mark: The application has been approved. However, due to insufficient evidence of use for Class 28 (sports equipment), the USPTO has requested a second round of supplementary documentation. To avoid the risk of rejection for the entire application, we intend to withdraw the Class 28 portion of the application.

  • Crazy Free Throw: The application has been approved. Preparations are underway to submit the required proof of use.

Patent Application (United States):
One patent application is currently under examination with the United States Patent and Trademark Office (USPTO).

The patent pertains to a ball return system within a batting zone.

Personal Data Protection and Privacy Policy

The Company has established the Personal Data Protection Management Policy to regulate the procedures for the collection, processing, and use of personal data, with the aim of safeguarding the privacy rights of data subjects, promoting the lawful and proper use of personal data, and providing secure and reliable services.

Implementation Status of Personal Data Protection in 2025

In 2025, the Company carried out the following personal data protection initiatives:

  • The Company participated in an in-depth personal data protection guidance program commissioned by the Ministry of Economic Affairs, Administration of Commerce Development, and implemented by the Institute for Information Industry (III).

  • On June 24, 2025, the Company was invited to complete the “Personal Data Protection Capability Assessment Questionnaire” issued by the Administration of Commerce Development, Ministry of Economic Affairs.

  • On September 1, 2025, the Institute for Information Industry (III), Institute of Law and Technology (ILT), issued the Personal Data Protection Capability Assessment Report for Taroko Development Corporation, and conducted a three-stage guidance program as follows:

    1. Stage One – System and Policy Guidance:
      Assisting the Company in strengthening its personal data management system, reviewing its information security maintenance plans, and providing professional consulting services.

    2. Stage Two – Vulnerability Scanning:
      Based on the effectiveness of the implemented management system, providing technical protection services related to personal data and information security, including reviews of network architecture for systems containing personal data and vulnerability scanning of servers and websites.

    3. Stage Three – Follow-up and Improvement Verification:
      Conducting on-site visits to verify the implementation status of improvement measures. Ongoing communication, confirmation, and necessary consulting services were provided to ensure continuous enhancement.

  • On October 16, 2025, the Institute of Law and Technology of the Institute for Information Industry visited the Company to conduct interviews based on the assessment report and proposed vulnerability scanning services focusing on personal data and information security protection.

  • On December 26, 2025, the Institute of Law and Technology of the Institute for Information Industry issued the Final Report on the In-depth Guidance Program. The Company will review and implement improvements in accordance with the recommendations set forth in the report.

Personal Data Protection Education and Training

| Date | Training Topic | Location | Participants |
| --- | --- | --- | --- |
| 2025/2/11 | New Employee Orientation | 9F Education & Training Classroom, Taroko Mall | 12 |
| 2025/3/5 | Store manager of Sports & Leisure Business Units | 9F Education & Training Classroom, Taroko Mall | 46 |
| 2025/4/14 | New Employee Orientation | 9F Education & Training Classroom, Taroko Mall | 20 |
| 2025/4/15 | Staff Commercial Operations at Taroko Mall | 9F Education & Training Classroom, Taroko Mall | 25 |
| 2025/6/3 | New Employee Orientation | 9F Education & Training Classroom, Taroko Mall | 18 |
| 2025/8/27 | New Employee Orientation | 9F Education & Training Classroom, Taroko Mall | 18 |
| 2025/10/14 | New Employee Orientation | 9F Education & Training Classroom, Taroko Mall | 17 |
| Total: 7 sessions | | Total Participants | 156 |