Corporate Governance
Company Organization and Policies
CORPORATE GOVERNANCE
Strong Management & Risk Control
Overview of company policies, internal audits, board info, committees, and risk management.
RISK MANAGEMENT
Risk oversight is embedded in board responsibilities and audit processes, ensuring operational resilience and long-term sustainability.
Risk Management Policy and Procedures
To promote the Company’s sustainable development, strengthen corporate governance, and establish a sound risk management system, the Board of Directors approved the adoption of the “Risk Management Policy and Procedures” on November 6, 2024. The Company’s risk management procedures primarily include risk identification and analysis, risk assessment, risk response, and monitoring and review mechanisms. Each department identifies risk items related to its operations, conducts risk assessment and analysis based on the principle of materiality and stakeholder concerns, evaluates the potential impact of each risk on the Company, and formulates corresponding risk management measures and countermeasures.
The Company’s risk management framework covers operational risks related to environmental (climate change, biodiversity, occupational safety and health, energy, etc.), social and human rights, governance (regulatory compliance, anti-corruption and fraud prevention, information security), financial, and other relevant risk factors. The Audit Committee is responsible for supervision, while the Sustainability Development Office reports at least once a year to both the Audit Committee and the Board of Directors on the implementation status.
For details, please refer to our company's Policies and Procedures for Risk Management.
Organizational Structure and Responsibilities of Risk Management
Risk Management Levels and Responsibilities:
- Level 1: Responsible units for respective risks manage risks in accordance with risk management procedures as part of their daily operations.
- Level 2: The Audit Unit conducts regular audits and reviews the implementation status of risk management.
- Level 3: The Sustainability Development Office, established under the Chairman, coordinates overall risk management and reports the execution status to the Board of Directors.
Risk Management Implementation
Catcher actively implements risk management, with the Sustainability Development Office reporting at least once a year to the Audit Committee and the Board of Directors on the annual implementation status. The most recent report was presented on November 6, 2024, with the key contents summarized as follows:
1. Identification, Analysis, and Assessment of Risks Related to Material Issues
▼ Identification Results of Material Risk Issues
2. Risk Management Implementation
Information Security Risk Management Framework
The Company has established an Information Security Promotion Task Force, consisting of a Convener, Management Representative, Executive Secretary, Information Security Management Team, Data Protection Team, Emergency Response Team (task-oriented), and Audit Team. The task force formulates the Company’s information security development directions and strategies and promotes as well as implements various information security management initiatives to ensure the continuous and stable operation of the information security management system.
- Information Security Promotion Task Force: The Company’s decision-making and management body for information security, responsible for overall promotion of information security initiatives.
- Management Representative: Coordinates system planning, resource allocation, and project implementation related to information security.
- Executive Secretary: Assists the Management Representative and Convener in carrying out information security management tasks.
- Information Security Management Team: Responsible for planning, establishing, implementing, maintaining, reviewing, and continuously improving the Company’s information security management system for IT systems; reports information security issues to the Task Force, coordinates audit schedules, supervises audit execution, and oversees preventive and corrective measures.
- Data Protection Team: Promotes and manages the Company’s data and personal data protection systems.
- Emergency Response Team: A task-based unit responsible for monitoring and tracking major information security incidents, as well as maintaining, updating, and executing disaster recovery procedures.
- Audit Team: Formulates information security audit plans, conducts relevant audits, and follows up on preventive and corrective actions for items that do not meet audit standards.
Information Security Policy
Catcher is committed to information security management to safeguard the Company’s products and services from unauthorized access, alteration, use, and disclosure, as well as losses arising from natural disasters. The Company ensures the timely provision of complete and available information to protect the confidentiality, integrity, and availability of critical information assets. At the same time, Catcher complies with applicable laws and regulations, earns customer trust, fulfills commitments to shareholders, and guarantees the continuity of key business operations.
Full Participation, Enhanced Security Awareness:
Foster company-wide awareness to build a shared consensus that information security is everyone’s responsibility.
Proactive Prevention, Effective Security Management:
Establish information security technologies and implement an information security management system, continuously improving under the Plan-Do-Check-Act (PDCA) cycle.
Customer Trust, Sustainable Operations:
Provide a secure and trustworthy production environment to ensure business continuity and long-term sustainability.
Information Security Management Program
To demonstrate the Company’s commitment to information security management and to ensure that all information and information systems are appropriately protected, the Company has established, documented, implemented, and maintained an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2022 standard, and continuously improves its effectiveness.
Objectives:
Implement appropriate protection and preventive measures for information stored or transmitted by the Company.
Reduce the impact of information security incidents such as damage, theft, leakage, alteration, misuse, or infringement.
Continuously enhance the confidentiality, integrity, and availability of all operations across the Company’s information service systems.
Information Security Management Measures
In accordance with the ISO/IEC 27001:2022 standard, the Company adopts the Plan-Do-Check-Act (PDCA) cycle to establish and implement an Information Security Management System (ISMS), ensuring its effective operation and continuous improvement.
- Establish an information security management organization responsible for promoting, coordinating, and supervising information security management matters.
- Conduct a management review at least once a year to ensure the adequacy, sufficiency, and effectiveness of the ISMS. The review scope includes improvement plans and assessments of required changes to the system.
- Establish information security indicators to evaluate performance and the effectiveness of the ISMS.
- Perform regular or ad hoc security assessments or audits to review whether control objectives, measures, and procedures comply with laws, regulations, and relevant security requirements. Execute and maintain them effectively as planned to continuously enhance the effectiveness of the ISMS.
Information Security Management Achievements
SEARCH
Start typing keywords to discover the service, support, or details you’re looking for.
COOKIE
This website uses cookies, including third-party cookies, to provide you with the best browsing experience. For more information, please visit our Privacy & Cookie Policy. By continuing to browse or closing this notice, you agree to our website’s Terms of Use.
PRIVACY POLICY
Welcome to the “Catcher Website” (hereinafter referred to as "this website"). To help you use our services and information with peace of mind, we hereby explain our privacy policy to safeguard your rights. Please read the following carefully
01. Scope of the Privacy Policy
This policy covers how this website handles personal information collected when you use its services. It does not apply to websites linked from this site, nor to personnel not managed or authorized by this website.
02. Collection, Processing, and Use of Personal Data
When you visit this website or use its services, we may ask you to provide necessary personal data depending on the nature of the service, and your data will be processed and used solely for that specific purpose. Without your written consent, your data will not be used for any other purposes. When using interactive features such as contact forms or surveys, this site may retain your name, email address, contact information, and usage time. During general browsing, the server will automatically record your IP address, usage time, browser type, and browsing data. This information is used internally to improve our services and will not be shared externally.To provide accurate services, we may conduct statistical analysis on collected survey data. The results may be published as statistical summaries or explanatory text for internal research or public reference, but they will not contain personally identifiable information.
03. Data Protection
The servers of this website are protected with firewalls, antivirus software, and other security measures to safeguard your personal data. Only authorized personnel have access to your data, and all relevant staff have signed confidentiality agreements. Any violations will be subject to legal penalties.When outsourcing services that involve personal data, we will strictly require contractors to uphold confidentiality obligations and implement necessary audits to ensure compliance.
04. External Links
This website may contain links to other websites. However, our privacy policy does not apply to those sites. You must refer to the privacy policy of each linked site.
05. Sharing Personal Data with Third Parties
This website will never provide, exchange, rent, or sell your personal data to any individuals, organizations, private companies, or public agencies unless required by law or contractual obligations.Exceptions include but are not limited to:
01. With your written consent
02. As required by law
03. To prevent danger to your life, body, freedom, or property
04. When cooperating with government agencies or academic institutions for statistical or research purposes in the public interest, and the data is processed in a way that makes individuals unidentifiable
05. When your behavior on the website violates our terms of service or causes harm to other users or third parties, and disclosure is necessary for identification, legal action, or contact
06. When it benefits your rights and interests
07. When we outsource vendors to collect, process, or use your data, and we will oversee them to ensure proper handling
06. Use of Cookies
To provide you with the best service, this website will place and access cookies on your device. You may set your browser’s privacy settings to high to refuse cookies, but doing so may cause some website features to function improperly.
07. Amendments to the Privacy Policy
This website’s privacy policy may be revised at any time to meet changing needs. All updates will be posted on this site.