The Company's risk management policies have been approved by the Board of Directors in 2022, and were set to be our supreme guiding principles in controlling risk. Through annual risk evaluation and identification, Novatek can quickly grasp the situation when faced with a risk and disaster, so that countermeasures can be formulated to reduce the impact of risks on the Company’s operations and stakeholders. With constant review and modification, the Company can be improved to achieve the goal of sustainable development.

In 2022, the Company integrated all risk management units to form the Risk Management Committee, with the Company’s Vice Chairman serving as Chairman of the Committee. The Committee is under the supervision of the Audit Committee and aims at coordinating all units to review internal/external risks faced by the Company in accordance with “Risk Management Policy and Procedure”. It is also in charge of formulating and promoting countermeasures for major risk issues throughout the Company, and reporting to the Audit Committee at least once a year on the scope of major risk management in the current year, preventive measures' implementation status, high-potential risks for the next year, and countermeasures for such. All of this, together with the Audit Committee’s recommendations, are reported to the Board of Directors once a year.

The Company's risk management framework consists of “Strategy Risk”, “Operation Risk”, “Finance Risk” and “Hazardous Events Risk”. From the perspective of business continuity, our risk management mechanisms consist of identification, analysis, and evaluation, aiming to quantify the frequency, along with the magnitude of impact and control of risk. Meanwhile, Novatek also incorporates internal audit and internal control functions to ensure that the risks associated with operations are effectively controlled.

The Company actively implements and promotes risk management mechanisms. The members of the Risk Management Committee monitor risks and compile the assessment results on a quarterly basis. Internal meetings are held at least twice a year to report risk monitoring results and countermeasures to the Chairman, and the Risk Management Committee’s operations are reported to the Audit Committee and the Board of Directors at least once a year. The main operations of the Risk Management Committee for 2023 are as follows.

The Information Security Committee of Novatek consists of the Executive Office, Audit, Human Resources, Intellectual Property & Legal, Information Technology and other units of the Company. In July 2022, the Board of Directors approved the appointment of Chen Chien-Hsing (David Chen), the Company Vice President, as Chief Information Security Officer, and passed "Information Security Committee Organization Regulations". Based on the needs of information security operations, necessary members or inter-departmental meetings are convened to carry out information security work, coordinate the implementation of information security management systems and the allocation of required resources. The Company has formulated a specific information security management plan internally to maintain information security. In 2022, Novatek did not purchase information security insurance, nor did it encounter any major information security incidents that cause damage or affect the operations and reputation of the Company. 

The Company got certification of ISO/IEC 27001:2013 Information Security Management System (ISMS) in 2022, certificate number 10463719, and regularly conducts ISO 27001 verification audits. The current certificate is valid from August 2022 to August 2025.

Novatek makes an intellectual property (IP) management plan closely related to business objectives and R&D resources, to manage and protect the intellectual properties such as patents and trade secrets appropriately. Novatek reports the execution results of the IP management plan to the Board of Directors annually and discloses the execution results in the Novatek official website.