Evaluation Mechanism
While enhancing customer service quality, TNP prioritizes protecting customer
privacy rights and intellectual property. TNP signs confidentiality agreements with
customers to safeguard their confidential information and ensures that employees
adhere to confidentiality protocols during business interactions. The company
conducts comprehensive assessments of the positive and negative economic and
human rights impacts of customer privacy. TNP has established an Information
Security Committee and achieved ISO 27001 Information Security Management
System and BS 10012 Personal Information Protection Management System
certifications. TNP adheres to confidentiality agreements and personal data
protection laws for customer privacy.
The company has set up an evaluation mechanism based on the ISO 27001 Information Security Management System and established short, medium, and long-term goals. In 2023, there were no complaints about customer privacy violations or data loss.
The company has set up an evaluation mechanism based on the ISO 27001 Information Security Management System and established short, medium, and long-term goals. In 2023, there were no complaints about customer privacy violations or data loss.
Reason for the Issue's Importance
Protecting customer privacy and ensuring the proper storage
of customer data has become one of the most critical issues in
global business operations. Violations can significantly damage
a company’s image and may also result in both criminal and civil
liabilities.
Impact and Influence
- Economic Actual Positive Impact:
- Properly handling customer privacy and establishing robust privacy protection mechanisms can enhance customer trust in the business, promoting long-term customer loyalty.
- Complying with privacy regulations and standards may reduce legal risks, maintain the company's reputation, and help stabilize operations.
- Economic Potential Negative Impact:
- Non-compliant privacy handling and leaks will result in legal fines, increasing the company's economic costs.
- Privacy violations may cause customer concerns, leading to customer loss and affecting company revenue.
- Potential Negative Impacts on Corporate Image:
- Privacy breaches may lead to data misuse, affecting environmental sustainability.
- Privacy incidents may cause social distrust in the company, leading to long-term damage to the company's image.
- Potential Positive Impacts on Corporate Image:
- Effective privacy protection measures help reduce the risk of information leakage and minimize the negative impact of data breaches on the company's environment.
- Adhering to privacy protection principles allows the company to adapt better to sustainable development operations.
- Actual Positive Human Rights Impacts:
- Actively protecting customer privacy is a manifestation of respecting individual privacy rights, which helps uphold human rights.
- Providing transparency in privacy information helps customers understand the company's data handling practices, contributing to the protection of human rights.
- Potential Negative Human Rights Impacts:
- Improper data collection and use may exacerbate information asymmetry in society, harming individuals' information autonomy.
- Data misuse may lead to discrimination against specific groups, affecting the principle of human rights equality.
Policy/Strategy
- Regular information security and confidentiality advocacy. Customer-related information, including physical, data, or electronic, must not be disclosed in any form or manner.
- Upload sensitive data to NAS with appropriate permission control and maintain a complete backup system to ensure data integrity.
- Regular audits to establish strict confidentiality measures, preventing improper use of customer privacy and protecting customer and company interests.
Goals and Targets
- Short-term Goals:
Enhance employee training on "Privacy Protection" and "Information Security," conducting at least one session per year.
Each unit must complete an information security selfassessment quarterly. - Mid-term Goals:Continuously update firewalls, antivirus software, document encryption software, and computers. Implement hardware and software controls for sensitive email review and sensitive document notification from printers.
- Long-term Goals:Develop "Information Security Policy" and "Information Security Management Measures." Strictly record and control through internal systems to protect customer information and documents. Approve and manage internal personnel operation permissions according to relevant system regulations.
Management Evaluation Mechanism
The company conducts PDCA (Plan-Do-Check-Act) effectiveness
evaluation mechanism according to ISO/IEC 27001.
Performance and Adjustments
In 2023, there were no complaints regarding customer privacy violations or
data loss.
In 2023, "Privacy Protection" and "Information Security" education and training were conducted through the circulation of paper materials and spot checks.
In 2023, "Privacy Protection" and "Information Security" education and training were conducted through the circulation of paper materials and spot checks.
Preventive or Remedial Measures
All computer equipment is installed with enterprise antivirus
software, which is uniformly and regularly updated to prevent the
spread of computer viruses. A firewall is in place to prevent hacker
intrusions. Document data is encrypted using encryption software
and stored in NAS with regular backups to ensure data storage
security. An access control system is installed in the information
room. All mainframe or ERP system queries and operations must be
logged in with an account and password to prevent business data
leakage.
Sustainable Procurement
TNP has begun planning to increase the proportion of local procurement to reduce transportation carbon emissions. In 2022, the overall proportion of domestic procurement accounted for 94%, and in 2023 it was 93%. Considering the warranty and contract period for labor and engineering procurement, the initial plan was to increase the local procurement proportion of raw materials from 33.7% in 2022 to 57.8% in 2023. In 2023, the local procurement amount for labor, finance, and engineering accounted for 92.14% of the total procurement amount. Moving forward, TNP will continue to promote supplier policies and select more excellent domestic partners.
| TNP Company Procurement Proportions Over the Past Three Years | |||||||
| Contract Type | Procure ment Area | 2021 | 2022 | 2023 | |||
| Number of Suppliers | Proportion of Total Procurement Amount (%) | Number of Suppliers | Proportion of Total Procurement Amount (%) | Number of Suppliers | Proportion of Total Procurement Amount (%) | ||
| Labor(Contractin g and Services) | Domesti c | 279 | 47.310 | 267 | 48.190 | 241 | 32.430 |
| Foreig | 6 | 0.160 | 7 | 0.870 | 7 | 0.430 | |
| Materials(Raw Materials) | Domesti c | 117 | 42.150 | 109 | 33.680 | 101 | 57.750 |
| Foreig | 19 | 7.400 | 16 | 6.330 | 16 | 4.940 | |
| Engineering(Constructi on and Equipment) | Domesti c | 8 | 2.980 | 11 | 10.840 | 9 | 1.960 |
| Foreig | 0 | 0.000 | 1 | 0.090 | 4 | 2.490 | |
| Total | 429 | 100% | 411 | 100% | 378 | 100% | |
Supplier Environmental and Social Evaluation
TNP promotes suppliers to sign the "Environmental/Occupational Safety and Health
Questionnaire" and the "No Use of Restricted Substances Guarantee." Among 150
major raw material suppliers, 87 signed the "Environmental/Occupational Safety and
Health Questionnaire," and 72 signed the "No Use of Restricted Substances
Guarantee." Additionally, suppliers with ISO 9001 quality management are
prioritized. In 2023, TNP's supplier evaluation showed no unqualified suppliers or
negative environmental impacts.
Furthermore, the company has established a "Supplier Evaluation Form." Each year, the procurement staff of the Material Department conducts evaluations on "current year suppliers" or "previously D-rated suppliers." Evaluation criteria include material quality, delivery performance, price advantage, professional ability, and service cooperation. Suppliers are rated A, B, C, or D based on these assessments.
During this reporting period, the company's raw material transaction suppliers in 2022 totaled 80, all of which were evaluated, achieving a 100% inspection rate and meeting the target. Additionally, through document audits and supplier evaluations, the company strengthened supervision, provided necessary guidance and assistance, and arranged re-evaluations to ensure standards are met. Suppliers who fail to meet the evaluation standards and cannot comply will have their transaction volumes reduced or contracts terminated. In 2023, all suppliers passed the evaluation with no disqualifications.
Furthermore, the company has established a "Supplier Evaluation Form." Each year, the procurement staff of the Material Department conducts evaluations on "current year suppliers" or "previously D-rated suppliers." Evaluation criteria include material quality, delivery performance, price advantage, professional ability, and service cooperation. Suppliers are rated A, B, C, or D based on these assessments.
During this reporting period, the company's raw material transaction suppliers in 2022 totaled 80, all of which were evaluated, achieving a 100% inspection rate and meeting the target. Additionally, through document audits and supplier evaluations, the company strengthened supervision, provided necessary guidance and assistance, and arranged re-evaluations to ensure standards are met. Suppliers who fail to meet the evaluation standards and cannot comply will have their transaction volumes reduced or contracts terminated. In 2023, all suppliers passed the evaluation with no disqualifications.