Risk Management Policy and System

Since 2017, TCC has established a risk management system and the "Risk Management Implementation Plan." In 2020, the "Risk Management Policy" was formulated, and subsequently, referencing the Financial Supervisory Commission's "Corporate Risk Management Best Practice Principles for TWSE/GTSM Listed Companies" announced on August 8, 2022, the "Risk Management Policy and Procedures" were established. After being submitted and approved by the Board of Directors on December 23, 2022, they were officially implemented.

Review and revision of the risk management plan are conducted annually to effectively. In accordance with the "Risk Management Policy and Procedures," the scope, definitions, structure, mechanisms, and procedures of risk management are effectively executed to reduce the likelihood and impact of risks. This ensures the Company's sustainable operations and enhances its operational performance.
Risk Management Policy and System (CH)

Risk Management Committee

Organizational Structure of Risk Management

The Board of Directors is the highest governing body for risk management at the Company. The Board of Directors and the Audit Committee are responsible for overseeing the operation of the risk management mechanism and ensuring its effectiveness. The Risk Management Committee is chaired by the Chairman, with the President and Vice President serving as committee members.

A Risk Management Promotion Team is set up under the Risk Management Committee, which involves departments in conducting risk assessment and control activities. The Planning & Investment Management Dept. acts as the promoting and reporting unit to ensure the effectiveness of the risk management mechanisms and procedures.
  • Frequency: The committee reports to the Board and the Audit Committee on the implementation and operation status of risk management at least once a year.
  • Responsibilities: The committee is responsible for reviewing the Company's risk management mechanisms, risk management plans, and the effectiveness of these plans.

Risk Management Implementation

The company's risk management includes the management of "investment ", "operational", "management" and "climate change."
  • The risk management plan is updated annually on a rolling basis, and the implementation of risk management measures for the current year is reviewed semi-annually.
 

Risk Management Implementation Status

Year 2024
Jan
Risk management meeting
Compiled the risk profiles of various departments to create the company-level risk profile.
Risk Management Committee
Examined the company-level risk profile and confirmed that both the risk management plan and the risk management operational mechanism for 2023.
Mar
Completed the risk management plan
  1. The risk management plan for 2023 was completed, and control measures were implemented according to the plan.
  2. Reported on the implementation status of risk management for the entire year at the Board meeting on March 13, 2024.
Jul
Review the implementation of risk management measures
Reviewed the implementation of risk management measures for the first half of 2024.

ESG Key Topics and Risk Management Strategy

In accordance with the materiality principle, the Company identifies issues of concern to stakeholders related to its operations. The Company evaluates the internal and external impacts of these issues, conducts risk assessments, and formulates management guidelines. Additionally, it establishes relevant risk management policies and strategies to address these concerns.

Material Topics
Risk Management Strategy
Environment
Renewable Energy Development
TCC identifies the risks and opportunities posed by climate change and is committed to energy conservation, carbon reduction, and environmental protection as mitigation strategies. In alignment with government policies on energy transition and net-zero emissions, the Company is developing renewable energy businesses such as solar power, wind power, and geothermal energy. We are establishing measures to address risks associated with extreme weather as part of our adaptation strategies, ensuring environmental friendliness and corporate sustainability.
Environment
Energy Saving and Carbon Reduction
The Company will continue to carry out related work such as unit efficiency improvement, environmental protection equipment upgrades and waste recycling, fulfilling our energy-saving and carbon-reduction plans.
Social
Occupational Safety and Health
 
We have established environmental, safety, and health policies and have set up an Occupational Safety and Health Committee. Our occupational safety and health management measures and policies include workplace safety protection, construction and operation safety, occupational accident risk management, employee health management plans and health inspections, and health check-ups. We enhance safety education and training and regularly hold safety meetings to manage and continuously improve workplace safety and hygiene, and we have obtained ISO 45001 certification.
Social
Human Resource Management
We have established management mechanisms for talent recruitment, cultivation, and performance evaluation. We actively develop diverse recruitment channels, regularly arrange education and training, and implement training and care mechanisms for new employees. We encourage staff participation in internal and external training programs to assist in their career development, improve talent management systems, and ensure the transfer of organizational knowledge and experience.
Government
Improve corporate governance
We are actively improving corporate governance, enhancing the functions of the Board of Directors, strengthening information disclosure, and improving communication with stakeholders.
Government
Improve corporate performance
TCC is actively improving corporate governance, enhancing the functions of the Board of Directors, strengthening information disclosure, and improving communication with stakeholders.
Government
Supply stability and reliability
We provide high-efficiency, low-pollution energy services and continuously improve equipment to enhance power generation efficiency and increase operational reliability, supply stable and reliable steam and electricity to our customers.
Government
Sustainable Supply Chain
TCC actively promotes green procurement, establishes a supplier management mechanism, requires suppliers to sign a Corporate Social Responsibility Commitment, and conducts on-site sustainability performance audits for key suppliers to build a sustainable supply chain.

Information Security

Information Security Management Framework

We have integrated information security risk management into TCC's "Risk Management Implementation Plan," with "Risk Management Policy and Procedures" approved by the Board of Directors. We continuously updates ours risk management plan to effectively reduce and control risks related to information assets facing information security threats.

The Risk Management Committee holds regular meetings, while the Information Security Promotion Team is responsible for managing information security risk management projects. Each year, the team reviews and develops risk management plans, and personnel from the Administrative Management Department's Information Unit regularly evaluate the implementation of information security risk management measures. They also report the effectiveness of risk management to the Board of Directors regularly.
 
  •   2025 Information Security Management Report has been completed and will be presented at the Board of Directors meeting on December 2025. 
 

Information Security Policy

The use of information technology in corporate operations and management is becoming increasingly widespread. To ensure the confidentiality, integrity, availability, and legality of information assets and critical information infrastructure, it is essential to conduct risk assessments and implement appropriate protective measures. The Information Security Promotion Team is responsible for security management to meet specific objectives and adhere to established policies.
Information Security Policy and Information Security Management Mechanism of TCC

Information Security Management Plan

On November 17, 2020, Information Security Promotion Team has been established. Based on the "C-Level Classification for Non-Specific Public Agencies" from the Executive Yuan, TCC formulated information audit plans, which are managed, planned, and implemented by the Information Security Promotion Team.
 
  • Formulate an internal information audit plan and information security audit items within the Company. The Information Security Promotion Team will conduct self-assessments of information security internal controls and other related improvement measures.
  • In 2023, assign members of the Information Security Promotion Team to serve as dedicated information security officers and personnel which complied with regulatory authorities.
  • Conduct annual information security inspection on information equipment, penetration testing, and vulnerability scanning operations. Oversee the implementation of information security monitoring service mechanisms at invested power plants. 
  • Establish an annual information security education and training plan, and conduct four information security education and training courses in 2025. The course content includes: "Personal Information Security Awareness", "Annual Information Security Protection Trends", "Information Security Risk Management" and "AI Applications and Information Security Risks", etc., to promote information security-related issues and enhance employees' awareness of risk prevention.Conduct two company-wide email social engineering security test drills annually at irregular intervals. After the drills, conduct educational sessions to enhance employees' awareness of social engineering and information security.
  • Outsource the SOC (Security Operations Center) and establish endpoint detection and response services to strengthen information security protection.
 

Investment in Information Security

Since 2021, our company has continuously invested in information security management-related equipment and resources, demonstrating the support and importance that management attaches to information and communication security management. The investment over the past 5 years is shown in the following figure.
 

Information Security-related expenditure in the Past Five Years

Information Security-related expenditure in the Past Five Years
Unit: Thousands of NTD

Intellectual Property Management Status

1 The management of trade secrets is conducted in accordance with the company's Intellectual Property Management Regulations, and specific provisions are included in labor contracts with employees. A report on intellectual property management matters was presented to the Board of Directors on November 11, 2024.