Company Philosophy

Robust risk management and appropriate crisis management are the major cornerstones to ensure sustainable operation. The Company has established a Risk Management Committee in Feb. 2022, which was in charge of integrating and managing potential sustainability risks including strategic, operational, financial and hazardous risks,  to help the Board of Directors supervise the Company's risk management strategies.  

Risk Management Policies

Risk Management Policy and Procedure

The Company's risk management policies have been approved by the Board of Directors in 2022, and were set to be our supreme guiding principles in controlling risk. Through annual risk evaluation and identification, Novatek can quickly grasp the situation when faced with a risk and disaster, so that countermeasures can be formulated to reduce the impact of risks on the Company’s operations and stakeholders. With constant review and modification, the Company can be improved to achieve the goal of sustainable development.

Risk Management Organizational Structure

In 2022, the Company integrated all risk management units to form the Risk Management Committee, with the Company’s Vice Chairman serving as Chairman of the Committee. The Committee is under the supervision of the Audit and Risk Committee and aims at coordinating all units to review internal/external risks faced by the Company in accordance with “Risk Management Policy and Procedure”. It is also in charge of formulating and promoting countermeasures for major risk issues throughout the Company, and reporting to the Audit and Risk Committee at least once a year on the scope of major risk management in the current year, preventive measures' implementation status, high-potential risks for the next year, and countermeasures for such. All of this, together with the Audit and Risk Committee’s recommendations, are reported to the Board of Directors once a year.

Novatek_organization_en.jpg (94 KB)

Risk Management Framework

The Company's risk management framework consists of “Strategy Risk”, “Operation Risk”, “Finance Risk” and “Hazardous Events Risk”. From the perspective of business continuity, our risk management mechanisms consist of identification, analysis, and evaluation, aiming to quantify the frequency, along with the magnitude of impact and control of risk. Meanwhile, Novatek also incorporates internal audit and internal control functions to ensure that the risks associated with operations are effectively controlled.

Risk Management Operation

The Company actively implements and promotes risk management mechanisms. The members of the Risk Management Committee monitor risks and compile the assessment results on a quarterly basis. Internal meetings are held at least twice a year to report risk monitoring results and countermeasures to the Chairman, and the Risk Management Committee’s operations are reported to the Audit and Risk Committee and the Board of Directors at least once a year. The main operations of the Risk Management Committee for 2024 are as follows.

  • The executive members of each operating unit under the Company's Risk Management Committee have submitted the quantitative and qualitative risk monitoring indicator assessment documents of their units on a quarterly basis in 2024 for tracking and control, and submit them to the Chairman for review.
  • The Deloitte’s consulting team was commissioned to held risk management training courses, covering trend in global risk, analysis of risk investigation reports, risk issues and cases concerning industry chain as well as methods and practical insights on enterprise risk management assessment for all members of the Risk Management Committee in August 2024, strengthening risk awareness and gaining familiarity with the risk assessment process and understanding important global enterprise risk management issues as well as practices, thereby providing references for risk management operation.
  • The Company's Risk Management Committee held two internal meetings in April 2024 and in September 2024 respectively, reporting the highlights of risk management and review the implementation of medium to high-risk countermeasures.
  • The Chairman of the Risk Management Committee reported to the Audit and Risk Committee and the Board of Directors on the Risk Management Committee’s operational highlights for 2024, the results of risk monitoring, and important potential risks for 2025 and countermeasures for such on October 31, 2024.

Information Security Management

Information Security Policy and Management Implementation

Information Security Management System Certification

The Information Security Committee of Novatek consists of the Executive Office, Audit, Human Resources, Intellectual Property & Legal, Information Technology and other units of the Company. In July 2022, the Board of Directors approved the appointment of Chen Chien-Hsing (David Chen), the Company Vice President, as Chief Information Security Officer, and passed "Information Security Committee Organization Regulations". Based on the needs of information security operations, necessary members or inter-departmental meetings are convened to carry out information security work, coordinate the implementation of information security management systems and the allocation of required resources. The Company has formulated a specific information security management plan internally to maintain information security. In 2024, Novatek did not purchase information security insurance, nor did it encounter any major information security incidents that cause damage or affect the operations and reputation of the Company. 

 

The Company got certification of ISO/IEC 27001:2013 Information Security Management System (ISMS) in 2022, with certificate number 10463719. An external audit completed in May 2024 confirmed compliance. The current certificate is valid from August 2022 to August 2025.

information-Committee_en.png (152 KB)

 

Information security can be divided into three levels: external hacker attacks, protection of confidential information, and information security awareness among employees. Using a deep-layered defense concept, Novatek has constructed security protection measures to meet outside-to-inside threats, and prevent such external attacks as those that come from malicious hackers, computer viruses and ransomware, which would affect the stable operation of the Company’s operational system. Furthermore, to safeguard the Company’s intellectual property, trade secrets and internal information security, reasonable protection measures have been established based on confidentiality level. Through education and training as well as regular announcements, the concept of information security DNA has been established for the employees of Novatek. In addition, Novatek holds an Information Security Committee meeting every year and formulates information security plans to regularly assess the appropriateness and effectiveness of information security operations, organizing projects to continuously reinforce the protective measures and reduce security risks.

Novatek attaches great importance to information security and confidential information protection. Through the three aspects of information risk management, information security management, and information security audit as well as the spirit of PDCA, the Company continues to implement information security protection.

 

Information Security_e.png (137 KB)

Intellectual Property Management and Regulatory Compliance

TIPS Verification Certificate

Novatek makes an intellectual property (IP) management plan closely related to business objectives and R&D resources, to manage and protect the intellectual properties such as patents and trade secrets appropriately. Novatek reports the execution results of the IP management plan to the Board of Directors annually and discloses the execution results in the Novatek official website.

 

Novatek establishes an interdepartmental IP management working group dedicated to accomplish the IP management system in the company based on Taiwan Intellectual Property Management System (TIPS). The IP management working group is composed of staffs in IP & Legal Department, IT Department, Administration Department, Human Resource Department, Audit Unit and R&D Departments. Novatek passed the Taiwan Intellectual Property Management System (TIPS) A-level certification in 2022 and successfully renewed it in 2023. The certification remains valid until December 31, 2025. In line with TIPS principles, Novatek is committed to continuously optimizing intellectual property management through internal audits to safequard core competitiveness, reduce operational risks, and strengthen corporate governance.

To ensure that Novatek’s operations can comply with laws and regulations, Novatek pays close attention to changes in policies and regulations that may have a significant impact on the Novatek’s business or finances. The Intellectual Property & Legal Department provides legal advices and assistances and regulation publicity to each Operating Unit. The Audit Unit executes auditing process annually for law and regulation compliance, reports the auditing results to the Audit and Risk Committee as well as the Board of Directors, and follows up improvements. In 2024 and 2023, Novatek had no violations or penalties related to social, economic, or environmental laws and regulations.