0%

Information Security

Information Security Policy

PlayNitride has established a comprehensive risk assessment and management mechanism based on the ISO/IEC 27001 Information Security Management System (ISMS). We have defined clear risk assessment standards to regularly identify, analyze, and evaluate information security risks. Based on the assessment results, appropriate risk treatment measures are implemented to mitigate potential impacts and damage risks.

The “Risk Assessment and Management Procedure” has been formulated and implemented as the basis for information security risk control, ensuring the effective execution of relevant control measures. Concurrently, through annual internal audits and management reviews, we continuously examine the suitability and effectiveness of the management system. Improvements are made based on audit findings to strengthen overall information security governance and operational resilience.

Information Security Management Organization

PlayNitride has established an information security governance framework and set up the “Information Security Management and Personal Data Committee.” This committee oversees policies, plans, and relevant management measures for information security and personal data protection. A management review meeting is held annually to examine the effectiveness and continuous improvement of the information security management system.

Under the committee, the “Information Security & Personal Data Emergency Response Team” and the “Internal Audit Team” have been established. They are respectively responsible for implementing information security and privacy protection measures, reporting and responding to information security incidents, and conducting internal audits of information security and personal data management. Furthermore, dedicated information security personnel have been appointed as internal and external contact points to ensure the fulfillment of information security and personal data protection responsibilities.

Specific Management Plans

Each year, third-party information security ratings and vulnerability scans are conducted. Information risks are remediated based on the assessment results, and educational training is provided to employees to enhance security awareness and mitigate human-related risks.