2024 Risk identification and corresponding strategy
Compal performed Identification, Analysis and Evaluation based on the ISO 31000 framework and methodology, and determined 24 risk issues in five areas: Strategy, Finance, Operations, Regulatory Compliance, and the Environment. Considering the Company's resources, these issues were then prioritized in a risk matrix.

Following an analysis of the matrix, we determined specific risks for the three main risks based on the internal and external environment and drafted the strategy:


New & Emerging Risk

ETHICAL MANAGEMENT AND ANTI-CORRUPTION
Compal is committed to establishing a corporate culture of ethical management and upholds the principle of “zero tolerance” for unethical conduct, including bribery and corruption. See the relevant policies on the Compal website.

An annual risk assessment is conducted on three risk factors (operating risk, compliance, and internal controls) to formulate the management plan. The analysis and response strategies for the material corruption risks identified were confirmed at the Board of Directors meeting on March 12, 2024. The ethical management and anti-corruption management team periodically strengthens internal management and audit procedures in line with best practice at international benchmark companies, the US Foreign Corrupt Practices Act (FCPA), and the UK Bribery Act (UKBA) of 2010.

Cyber Security
ISO 27001 Information Security Policy
To achieve the information security strategy of "ensuring business continuity and enhancing customer satisfaction," Compal has implemented an information security management system. This includes formulating roles and responsibilities for information security, ensuring full participation from all employees and contractors. We identify information assets, conduct information security risk assessments, comply with laws and regulations, meet customer security requirements, and carefully evaluate overall information security risk items and acceptance criteria.
In response to the evolving digital environment and ever-changing new technologies, we strengthen digital resilience and implement information security controls with a proactive defense mindset. This includes identification, protection, detection, response, and recovery, aimed at maintaining the confidentiality, integrity, and availability of critical information assets. Through management reviews and performance evaluations, we continuously improve and maintain the effectiveness of the information security management system. Our goal is to gain customer trust, fulfill commitments to shareholders, and achieve sustainable business operations.
Compal Information Security Committee
Policies and Regulation for the Protection of Personal Data and Privacy
Compal has formulated the "Compal Group - Policies and Regulations for the Protection of Personal Data and Privacy", which states that employees should abide by and protect the various forms of personal data processing procedures, and sets out the scope of application, corrective actions, and disciplinary actions. The "Compal Group - Policies and Regulations for the Protection of Personal Data and Privacy" applies group-wide across Compal. The "Personal Data Management Team" (known as the "Data Management Team") is established across functions for the proper protection of privacy rights, and a hotline at +886287978588#14385 and an e-mail address at Compal_PIR@compal.com are provided for filing complaints and reports. Compal adopts a zero-tolerance policy for privacy protection. Compal will not collect any personal information unless the individual explicitly agrees. In addition, Compal is prohibited from using personal information for secondary purposes. Internal monitoring found zero secondary use in 2023. If any relevant personnel are in breach of duty, Compal will take disciplinary and corrective actions to protect data privacy.
ISO 27001 Certification
Compal Group Policies and Regulations for the Protection of Personal Data and Privacy
Updated On Feb. 25, 2025