Supply Chain Management

Evaluation Mechanism

While enhancing customer service quality, TNP prioritizes protecting customer privacy rights and intellectual property. TNP signs confidentiality agreements with customers to safeguard their confidential information and ensures that employees adhere to confidentiality protocols during business interactions. The company conducts comprehensive assessments of the positive and negative economic and human rights impacts of customer privacy. TNP has established an Information Security Committee and achieved ISO 27001 Information Security Management System and BS 10012 Personal Information Protection Management System certifications. TNP adheres to confidentiality agreements and personal data protection laws for customer privacy.

The company has set up an evaluation mechanism based on the ISO 27001 Information Security Management System and established short, medium, and long-term goals. In 2024, there were no complaints about customer privacy violations or data loss.

Reason for the Issue's Importance

Protecting customer privacy and ensuring the proper storage of customer data has become one of the most critical issues in global business operations. Violations can significantly damage a company's image and may also result in both criminal and civil liabilities.

Impact and Influence

  • Economic Actual Positive Impact:
    1. Properly handling customer privacy and establishing robust privacy protection mechanisms can enhance customer trust in the business, promoting long-term customer loyalty.
    2. Complying with privacy regulations and standards may reduce legal risks, maintain the company's reputation, and help stabilize operations.
  • Economic Potential Negative Impact:
    1. Non-compliant privacy handling and leaks will result in legal fines, increasing the company's economic costs.
    2. Privacy violations may cause customer concerns, leading to customer loss and affecting company revenue.
  • Potential Negative Impacts on Corporate Image:
    1. Privacy breaches may lead to data misuse, affecting environmental sustainability.
    2. Privacy incidents may cause social distrust in the company, leading to long-term damage to the company's image.
  • Potential Positive Impacts on Corporate Image:
    1. Effective privacy protection measures help reduce the risk of information security breaches and mitigate the negative impact of data leaks on the business environment.
    2. Adhering to privacy protection principles allows the company to adapt better to sustainable development operations.
  • Actual Positive Human Rights Impacts:
    1. Actively protecting customer privacy is a manifestation of respecting individual privacy rights, which helps uphold human rights.
    2. Providing transparency in privacy information helps customers understand the company's data handling practices, contributing to the protection of human rights.
  • Potential Negative Human Rights Impacts:
    1. Improper data collection and use may exacerbate information asymmetry in society, harming individuals' information autonomy.
    2. Data misuse may lead to discrimination against specific groups, affecting the principle of human rights equality.

Policy/Strategy

  • Regular information security and confidentiality advocacy. Customer-related information, including physical, data, or electronic, must not be disclosed in any form or manner.
  • Upload sensitive data to NAS with appropriate permission control and maintain a complete backup system to ensure data integrity.
  • Regular audits to establish strict confidentiality measures, preventing improper use of customer privacy and protecting customer and company interests.

Goals and Targets

  • Short-term Goals:
    Enhance employee training on "Privacy Protection" and "Information Security," conducting at least one session per year.
    Each unit must complete an information security selfassessment quarterly.
  • Mid-term Goals:Continuously update firewalls, antivirus software, document encryption software, and computers. Implement hardware and software controls for sensitive email review and sensitive document notification from printers.
  • Long-term Goals:Develop "Information Security Policy" and "Information Security Management Measures." Strictly record and control through internal systems to protect customer information and documents. Approve and manage internal personnel operation permissions according to relevant system regulations.

Management Evaluation Mechanism

The company conducts PDCA (Plan-Do-Check-Act) effectiveness evaluation mechanism according to ISO/IEC 27001.

Performance and Adjustments

In 2024, there were no complaints regarding customer privacy violations or data loss.
In 2024, “Privacy Protection” and “Information Security” education and training were conducted through the circulation of paper materials and spot checks."

Preventive or Remedial Measures

All computer equipment is installed with enterprise antivirus software, which is uniformly and regularly updated to prevent the spread of computer viruses. A firewall is in place to prevent hacker intrusions. Document data is encrypted using encryption software and stored in NAS with regular backups to ensure data storage security. An access control system is installed in the information room. All mainframe or ERP system queries and operations must be logged in with an account and password to prevent business data leakage.

Sustainable Procurement

TNP began planning in 2021 to increase its local procurement ratio to reduce transportation carbon emissions. In 2022, the proportion of our total domestic suppliers was 94%, and in 2023, it was 93%. Considering the warranty and contract periods for labor services and engineering procurement, we initially planned to increase the proportion of local procurement for raw materials from 33.7% in 2022 to 57.8% in 2023. In 2024, we further increased the number of domestic partners for labor services and engineering services. In 2024, the local procurement amount for labor, finance, and engineering accounted for 89.63% of the total procurement amount. Moving forward, TNP will continue to promote supplier policies and select more excellent domestic partners.

TNP Company Procurement Proportions Over the Past Three Years
Contract TypeProcure ment Area202220232024
Number of SuppliersProportion of Total Procurement Amount (%)Number of SuppliersProportion of Total Procurement Amount (%)Number of SuppliersProportion of Total Procurement Amount (%)
Labor(Contractin g and Services)Domestic26748.1924132.4325951.31
Foreign70.8770.4371
Materials(Raw Materials)Domestic10933.6810157.759233.27
Foreign166.33164.94199.37
Engineering(Constructi on and Equipment)Domestic1110.8491.96175.05
Foreign10.0942.4900
Total411100378100394100
Notes: Domestic refers to Taiwan; Foreign refers to regions outside Taiwan.

Supplier Environmental and Social Evaluation

TNP encourages suppliers to sign an “Environmental/Occupational Safety Questionnaire,” a “Guarantee of Non-Use of Restricted Substances,” and a “Conflict Minerals Statement."

Furthermore, the Company has developed a “Supplier Scorecard.” Each year, procurement personnel from the Materials Department conduct evaluations of “raw material suppliers with transactions in the current year” and “raw material suppliers rated D in the previous period.” Evaluation items include material quality, on-time delivery rate, price advantage, development capability, and service cooperation. Suppliers are rated A, B, C, or D based on their total score.

During this reporting period, there were 111 raw material suppliers, all of whom underwent the review process, achieving a 100% review rate. If a supplier is rated D, they must submit a written improvement plan within a specified period. Suppliers who fail to meet standards after a three-month improvement period will have their qualified supplier status revoked. In 2024, all suppliers passed the evaluation with no disqualifications.