Risk name

Materiality to Company

Risk Management and Control Results

BoD's Supervisory Recommendations

Supply Chain Information Security Management

The increasing digitalization, connectivity, and extensive data exchange within supply chain networks are exposing supply chains to unprecedented information security threats. These attacks not only lead to significant financial losses for organizations but can also damage the long-term trust relationships between organizations and their partners and customers.

In accordance with the provisions of the "Supply Chain Information Security Management Guidelines", 30 key suppliers were selected to fill out the "Information Security Risk Assessment Form". The 30 suppliers were reviewed, and 2 suppliers were inspected on-site in proportion.

Continuously urge suppliers to improve their information security management and monitor the improvement progress of individual suppliers.

Strengthening Carbon Management Capabilities

Compliant with international regulations and supply chain requirements, enhancing the company's global competitiveness.

1. Introduce an organizational carbon inventory and product carbon.  footprint management platform.
2. Add new inventory items of Scope 3 annually.
3. Conduct a questionnaire survey on greenhouse gas emission sources of subsidiaries listed in the consolidated financial statements.

Comply with the greenhouse gas inventory and assurance requirements of the competent authority.

Compliance Risks Related to the Sustainability Standards

Failure to disclose carbon emission information that should have been disclosed resulted in penalties from the competent authorities.

1. An IFRS training course for managers was held, with a total of 277 participants. The course was conducted by a KPMG accountant.
2. The ESG unit issued a questionnaire based on the principle of materiality, and the supervisor is requested to respond in accordance with the principle of double materiality.
3. Study the semiconductor industry templates provided by the competent authority and conduct a gap analysis.

Comply with the IFRS alignment schedule of the competent authority.

Dimension

Material topic

Risk management policy/Mitigation measures

Corporate Governance

Economic Performance

1. Continue to invest R&D resources to strengthen core competitiveness.
2. Help customers roll out various customized storage products and assist them to improve products' added value, which will deepen customer relationships.

Risk Management

1. The Risk Management Committee screens and manages emerging risks each year based on the risk identification process, and regularly reports on operational conditions to the Board of Directors.
2. Continue to strengthen risk management for high-risk factors such as information security, supply chain management, and climate change risk assessment and response. This year, we conducted information security assessments of our supply chain for the first time.
3. In response to geopolitical impacts, we conducted an inventory of the material sources for components used in critical products and proactively sought alternative materials.
4. To demand that employees complete the business continuity management courses.

Innovation Management

Continue inputting R&D resources. The annual R&D expenses topped NTD12.6 billion, accounting for 81% of total operating expenditure.

Supply Chain Management

1. Utilize SAMP Online, the supply chain management platform, to convey the Company's important policy to suppliers along the supply chain.
2. Sustainability risk (ESG) accounts for 5%-10% of the total supplier evaluation score.
3. Establish the "RBA Vendor Management Policy", demanding that suppliers fill out and send back the RBA Self-assessment Questionnaire, and that suppliers found of any deficiency submit an improvement plan containing corrective measures within a week.
4. Hold annual supplier RBA training courses to strengthen suppliers' understanding of the RBA Code of Conduct and Phison's Supplier Code of Conduct, helping suppliers to assess their own compliance.
5. Require personnel from departments with procurement functions that are related to core business operations (Production Management Department and Procurement Department) to annually complete the "Sustainable Supply Chain - Role Awareness and Capacity Building Course." The content covers the definition and importance of sustainable supply chain management, the relationship between procurement behavior and the carbon pricing era, product carbon footprint and organizational carbon emissions, sustainable raw materials, etc.
6. Have established a "Supply Chain Information Security Management Guidelines" and conducted information security evaluations of 27 major suppliers using an "Information Security Risk Assessment Form," while also performing on-site audits of 3 of these suppliers.

Environment Protection

Green Product

1. Develop more energy-saving and more compact products, thereby helping end users reduce their greenhouse gas emissions.
2. Adopt a simplified packaging strategy when designing product packaging for customers, so as to reduce the amount of waste generation at the back end.

Social Participation

Talent Attraction and Retention

1. Refer to industry salary survey information and evaluate salary increases every year based on operating conditions to constantly improve the attractiveness of employee welfare and salary.
2. Launch improvement projects based on the results of the employee opinion survey; maintain clear and effective labor-management communication channels; create an inclusive, friendly, and healthy workplace, so as to enhance employees' recognition for the Company.
3. Join the “TALENT, in Taiwan”, a Taiwanese talent sustainability action alliance, and jointly proposed the initiative that “enterprises take hold of talents and export future skills to universities.”

Talent Development and Training

1. We understand the gap between expected goals and actual performance through gap analysis, and plan the annual training program and the department-specific training program (including new employee training) according to the specialized requirements of the organization and individual departments. Through continuous training in employees' professional competencies, we create employees' value in the workplace and raise their individual competitiveness.
2. Enrich online courses to improve employees motivation to take the continuing education.