Information Cybersecurity Governance

Information and Communication Security Risk Management Framework

Although the Company has not yet established a dedicated Information Security Department, the Board of Directors appointed a Chief Information Security Officer (CISO) on April 29, 2025. This officer is responsible for enhancing information security management, ensuring the confidentiality and integrity of company data, and conducting periodic security inspections. Regular reports on the status and strategy of information and communication security (ICS) are submitted to the Board of Directors.


Information Security Policy

  1. The Company strengthens information security management to ensure a resilient IT environment. Key information systems and equipment have been equipped with appropriate backup, redundancy, or monitoring mechanisms, and regular drills are conducted to maintain availability.

  2. To implement robust information security management, the Company plans to adjust its organizational structure and establish internal procedures for ICS controls, aiming to achieve the following policy objectives:

  • Clear delineation of functions and responsibilities within the information processing unit

  • Management of computer operations

  • Data backup and recovery operations

  • Network security management

  • Application system maintenance

  • Specific management plans and resource allocation for ICS governance


Specific Information Security Measures and Resource Allocation

  1. Internet Security Controls

    • Firewalls are properly installed, configured, and functioning as intended.

    • Regular antivirus scans are conducted.

    • The Company will fully adopt next-generation antivirus software by 2025.

  2. Document Management and Encryption Systems

    • A document management system and document encryption system are in place.

    • Sensitive and important data is uploaded to the system, with role-based access control (RBAC) applying the principle of least privilege.

  3. Data Backup and Disaster Recovery

    • A data redundancy mechanism is established.

    • Automated daily backups and offsite backups are performed.

    • Regular disaster recovery testing is conducted and documented.

  4. Network and System Security Management

    • Active Directory (AD) has fully replaced standalone workstation management.

    • Management policies are aligned with ISO/IEC 27001 standards.

  5. Information Security Awareness and Training

    • Ongoing awareness campaigns and periodic ICS checks are conducted.

    • At least one information security training session per year is held.

    • IT personnel undergo external ICS training, followed by internal training sessions and random audits of employee devices.