Environmental, Social, and Governance Statement

Qbic Technology ESG Milestone

Environmental Protection

  • Qbic Technology is actively planning short, medium, and long-term goals and action plans, with the ultimate target of achieving net-zero carbon emissions by 2050.

  • We are actively implementing greenhouse gas (GHG) inventory and reduction initiatives, while also encouraging our supply chain partners to conduct GHG assessments and take emission reduction actions.

  • We embrace green design by strictly avoiding the use of internationally restricted or prohibited substances. Our products feature low-power consumption and enhanced energy efficiency. We also incorporate circular economy principles by utilizing recyclable materials in the product design phase and minimizing waste generated during the manufacturing process.

Social Responsibility

  • Qbic complies with international labor standards (such as SA8000 and RBA), prohibiting child labor and forced labor.

  • We are committed to ensuring equal pay for equal work, promoting gender equality, and actively preventing any form of discrimination or bullying in the workplace.

  • We ensure a safe workplace by implementing occupational health and safety management.

  • Regular health checks and safety training are conducted for our employees.

  • We are gradually planning and promoting community involvement and activities to strengthen neighborly ties and foster social harmony.

  • Encourage ESG-related education and training.

Corporate Governance

  • Qbic Technology strictly adheres to corporate governance regulations, including the “Regulations Governing Establishment of Internal Control Systems by Public Companies” and other relevant laws and guidelines.

  • We participate in CDP (Carbon Disclosure Project) and RBA (Responsible Business Alliance) questionnaire assessments to enhance corporate credibility.

  • We actively promote the research, preparation, and disclosure of sustainability reports, and are committed to enhancing our ESG performance.

  • We diligently promote supply chain management and ethical sourcing, requiring suppliers to submit ESG commitment letters and to establish and implement anti-corruption and ethical procurement policies, ensuring transparency throughout the supply chain.

Information Security and Data Privacy Protection Measures

To safeguard business operations and protect stakeholder interests, Qbic Technology has proactively adopted the ISO 27001 Information Security Management System (ISMS) and successfully passed the SGS certification in Q2 2025 to strengthen its information security governance.

Information Security Governance:
  • We have established an internal information security management team, responsible for developing and overseeing security policies and procedures.

  • Regular reviews are conducted to ensure alignment with relevant regulations and industry best practices.

Policies and Standards:
  • We have adopted and implemented information security policies covering access control, data classification, system monitoring, and incident response.

  • These policies are regularly updated and communicated to employees through internal training.

Technical Safeguards
  • Deployment of firewalls, intrusion detection systems (IDS), antivirus software, and data encryption technologies to prevent unauthorized access or breaches.

  • Implementation of multi-factor authentication (MFA) for critical systems and accounts.

  • Regular security vulnerability scans and penetration testing are conducted by external vendors to identify and mitigate risks.

Data Privacy Protection
  • Personal and customer data are managed in accordance with relevant laws and regulations.

  • All sensitive data is stored securely and access is restricted to authorized personnel only.

  • A clear data retention policy is in place to avoid over-retention and ensure timely deletion of obsolete data.

Employee Training and Awareness
  • Mandatory annual information security training is provided to all employees.

  • Specific training for employees includes simulated phishing tests and secure data handling practices.

Incident Response
  • A formal Incident Response Plan (IRP) is in place.

  • In the event of a data breach, affected stakeholders are notified according to legal requirements, and corrective actions are taken immediately.