Sound risk management is the basis of sustainable corporate development. Through its risk control and management process, GIGABYTE first identifies 8 risk dimensions, including operation, finance, innovation, and information security. The potential impact scope of each risk is then determined, and the risks are assigned to responsible units, which apply sound risk management measures based on their professional expertise and practical experience in the related fields.

Risk Management and Control Process

Measures of Risk Identification and Management

Information Security Management

In keeping with the GIGABYTE philosophy of “Upgrade Your Life”, corporate information security governance has been introduced into our continued pursuit of corporate sustainability. The Information Security Committee was set up to devise an information security policy and management framework that takes international standards, regulatory requirements, privacy protection, risk management and crisis management into account. A total approach to information security management, planning, oversight and execution has been put into place. The Committee also reports regularly to the President on information security management activities and the overall effectiveness of the information security management organization.

Governance Organizational Framework
  1. Information security management rules are reviewed and updated every year in accordance with international information security standards (NIST Cybersecurity Framework) and domestic/overseas information security regulations.
  2. Ensure the Confidentiality, Integrity and Availability of information so that it can be applied to the planning, management and execution of Group business targets in a secure, proper, appropriate and reliable manner.
  3. To continue providing customers with a safe and quality product experience, GIGABYTE must ensure that our information security management for R&D processes, product development, cloud services, and manufacturing supply chain all comply with our information security policy. The goal is the effective reduction of management risk and continued improvement to the overall maturity of information security.
  4. Conduct regular offensive and defensive information security drills, strengthen internal information security awareness through employee training, and implement information security throughout all processes.

Management Goal and Outcome
  1. One information security incident reporting and response drill was conducted to ensure proper division of labor and improve responsiveness.
  2. In response to the growing incidence of BEC e-mail fraud, anti-fraud e-mail protection was implemented at the system level, and two social engineering rehearsals were conducted as part of employee information security education and training.
  3. Rigorous security measures were implemented due to employees working from home during the COVID-19 pandemic. Multi-factor authentication (MFA) was also introduced to ensure the security and integrity of information operations.