Board Composition and Operation

Composition of the Board of Directors

The board of directors is composed of two executive directors and two other non-managing directors according to the articles of association to ensure transparent and independent operation. The composition of the BOD meets the requirement of having a majority of the total number of directors according to the related laws and regulations, such as the Commercial Act. The directors possess industry expertise and professional knowledge of corporate management.

The board of directors deliberates and supervises important matters regarding company management according to the relevant laws, the articles of  association, and the board regulations. The company has made concerted efforts to establish a solid foundation for business management through board-centered governance. Moreover, we guarantee the independence of the members of the board of directors so that the board can supervise the company’s business operations in an objective manner. 

Board of Directors Remuneration System

The remuneration of the board of directors is executed according to the standards set by the board of directors by taking into account the relevant position and duties within the amount approved by the general meeting of shareholders. In the case of executive directors, their remuneration is provided based on their performance via a quantitative evaluation of overall company performance, and a qualitative evaluation of ESG activities, etc. 

Audit System

One auditor, appointed by the resolution of the general meeting of shareholders, audits our company’s accounting, and business operations. The audit findings are immediately reported to the head of the relevant department and top management, corrective and improvement measures are taken, and appropriate follow-up management is carried out for the measures taken. 

Operation of the Board of Directors

HUMAX Networks hosts periodic board meetings every quarter, and it may also hold temporary board meetings as and when required. The approval of proposed items of agenda requires the attendance of more than half of the total number of directors and the agreement of the majority in attendance. However, for matters specified by the relevant laws, such as Article 389 of the Commercial Act (Transactions between Directors, etc. and Company), the approval of items of agenda requires the agreement of more than two-thirds of the directors. In the board of directors’ meetings, reporting and resolutions are reached on major items of the management agenda. In 2023, six board meetings were held, with an average attendance rate of 100%. 

Ethical & Compliance Management

Ethical Management Policy and Promotion System

HUMAX Networks complies with the relevant laws and ethical standards in all its corporate activities. This allows us to fulfill our social responsibilities while establishing a fair, transparent, and sound corporate culture. We have established the ethics code of conduct to ensure that all employees, both locally and internationally, respect the laws and regulations of each country and region in which we do business. We are also fostering an ethical management culture so that our members fulfill their roles and responsibilities with an ethical mindset, with ‘Anti-Bribery, Anti-Corruption’ as the fundamental principle. This principle applies not only to our employees but also to transactions with our suppliers and partner companies. We also prohibit all forms of unfair trade.  

Core Principles for Ethical Management Practices

Ethics Code of Conduct

HUMAX Networks makes sure that its employees act fairly in any situation involving an ethical conflict that may arise while performing their duties by using the ethics code of conduct as the standard. We review the ethics code of conduct every year. In 2023, we added a new clause that prohibits money laundering in line with the global standards (Nov. 1, 2023). 

Gift and Entertainment Policy

In some countries, returning or refusing a gift can offend the giver due to customs and cultural factors. HUMAX Networks established a gift and entertainment policy in 2023 to help employees make the right decision when providing or receiving gifts or entertainment. This policy applies to all employees including the HUMAX Networks Corporation. Under this policy, any employee who receives a gift must obtain the approval of the head of their department on how to handle it. If an employee is unsure what to do with a gift or entertainment, final approval must be received from the department in charge of ethical management (HR dept.). 

Ethical Management Training

In 2023, we conducted training on “Understanding of Ethical Management” to ensure that employees raise their awareness of ethics, form a consensus on ethical management and practice it in their actual life and work. The training covered the Improper Solicitation and Graft Act, and examples of illegal solicitation. Ethical training was conducted for all employees, with 177 participants, in the form of an online training course over a period of about 2 weeks in September. 

Ethical Management Monitoring and Assessment

Ethical Management Monitoring System

We operate an ethical management system consisting of three stages, i.e. prevention, monitoring and detection, and implement follow-up measures. We perform ethical practice activities such as self-diagnosis assessments and training programs, etc. to raise the level of ethical practice of our members, and prevent unfair practices. Furthermore, we monitor unfair practices at all times via regular inspections and a reporting channel. We also take follow-up measures and conduct regular inspection and monitoring in order to improve our system for preventing ethical violations. 

Audit of Corruption Control Procedures

independent external audit agency conducts an external accounting audit. In 2023, understanding and assessment of internal controls, an early verification audit on important account balances, inquiries on important account balances and disclosure details, analytical procedures, and sample inspections (document verification, recalculation, etc.) were carried out. The results of the audit are disclosed through the Financial Supervisory Service’s Data Analysis, Retrieval and Transfer (DART) system every year. 

Corruption Risk Assessment (Internal Integrity Assessment)

HUMAX Networks periodically conducts a corruption risk assessment by referring to the Anti-Corruption & Civil Rights Commission’s integrity assessment model and contents. The corruption risk assessment consists of five areas, including two indexes, the integrity culture index and the work integrity index, as well as organizational culture, corruption prevention, etc. In the 2023 assessment, we obtained a total score of 84.2 points, showing a favorable level. However, we obtained a low score in the <Effectiveness of protecting whistleblowers of corruption> item for preventing corruption. Consequently, we established the following action plans.

Third-Party Anti-Corruption Monitoring

HUMAX Networks conducts corruption monitoring of not only our company but also our suppliers. The main target of third-party anti-corruption due diligence is our major suppliers. As regards the method, we conduct a written assessment, including indexes related to corruption and integrity ethics, in connection with our supply chain ESG assessment. In 2023, we conducted anti-corruption due diligence on our major suppliers. 

We operate a reporting channel for unethical acts that may involve our employees and stakeholders. For the issues received via the reporting channel, the processing and results are reported to the board of directors. We make sure that similar cases do not occur in any future business management activities and employees’ work. 

Whistleblower Protection and Anti-Retaliation Measures

assured and consult and report violations. We have also put a whistleblower protection program in place to ensure whistleblowers do not receive unfavorable treatment due to reporting. Moreover, we apply a policy that strictly prohibits retaliation to prevent unfavorable treatment such as dismissal, demotion, unpaid suspension, etc. even if a member reports or raises a question about unethical behavior or violations of laws, rule of ethics, or other company policies. 

Reporting channel and responsible department

･ Website: https://www.humax-networks.com/report

･ Responsible department: Management support team (82+ 31-606-8320)

･ Hotline (Clean HUMAX Networks): 112@humax-networks.com 

Information Security

Information Security Management System

HUMAX Networks has put in place - through the governance system - an information security management system comprising an information security policy, a chief information security officer (CISO), an information security committee, and acquisition of the ISO 27001 certification. Through this, we acknowledge the importance of personal information protection, and do our utmost to prevent leakages of our customers’ personal information. As a result of these efforts, we have not had a single personal information leakage or violation for the past three years.  

Information Security Policy

HUMAX Networks has established an information security policy to preserve and manage personal information assets safely and efficiently. The scope of this policy applies not only to all employees who work at our company, but also all to third parties that have access to HUMAX Networks’ assets due to contractual relations, and customers to whom we provide our services. 

HUMAX Networks’ Information Security Policy

ISO 27001 Certification

HUMAX Networks has been objectively recognized for its management system and information security activities with the ISO 27001 certification, an international standard on information security management systems. This certification involves an inspection of the operational status of the management system through renewal audits before its expiration, identifies areas to improve upon beforehand and, based on this, initiates a process of feedback and corrective measures, etc. 

Information Security Governance

The Chief Information Security Officer (CISO), who has expertise in information security, makes the final decisions on information security matters, and manages overall information security activities. Meanwhile, the Chief Privacy Officer (CPO) is responsible for implementing measures to protect personal information, and managing information security. We host an information security committee meeting with our information security organization semiannually, and regularly hold meetings depending on the company’s information security situation in order to make decisions on major items of agenda concerning information security. Moreover, in the event of an urgent situation related to information security, we mobilize a security incident response organization and an emergency response organization to address the situation promptly and effectively. 

Information Security Activity and Risk Assessment

HUMAX Networks periodically conducts internal security audits according to user security management guidelines and information system operation security guidelines in order to check whether information security activities are being complied with. In addition, we have set KPIs based on the ISMS (Information Security Management System) in relation to information security activities to measure the effectiveness of information security activities. 

Information Security Training

HUMAX Networks conducts regular information security training for all its employees and those of its partner companies. In 2023, all 188 employees participated in the related training. We not only conduct basic training but select specific targets for training, and we also conduct training if specialized training is needed for a specific area. Moreover, we conduct training related to personal information protection for personal information officers more than once a year, and set the information security training attendance rate as a KPI to manage training performance.

Protection of Third-Party Data

HUMAX Networks strictly manages personal information according to the guidelines on personal information protection. We receive and keep a security pledge from employees to prevent leaks, losses, and damages of personal information. In addition, we are taking various measures to protect third-party data from unauthorized access or disclosure.  

Information Security Risk Assessment and Security Audit

In order to maintain the ISO 27001 certification, HUMAX Networks periodically undergoes an information security risk assessment by an independent third party (ISO 27001 certification auditor). We receive an assessment of the risk level by inspection items according to the type of organizational control, human control, physical control, and technical control. After the assessment, we establish protection measures for each risk level. Furthermore, we regularly conduct inspections of security in everyday life, assess the actual state of our information protection management, and address any vulnerability thus identified so as to enhance our information security. 

Response to Information Security Breaches

HUMAX Networks strictly manages security breaches according to the guidelines. In the event of a security incident involving an information asset, the Chief Information Protection Officer organizes a breach incident response team to address the breach. Moreover, we solve problems promptly in cooperation with professional external organizations. 

Risk Management

Risk Management System and Roadmap

HUMAX Networks manages the overall risk of the company effectively by identifying potential risks during business activities and corporate operations and preparing strategies to respond to such risks. We identify various risks that may arise in several areas, and aim to maximize the efficiency of risk management by building a response system tailored to the types of relevant risks. If company losses are confirmed or a risk with a very high possibility of generating losses is identified, we judge the urgency of the situation by discussing it with the overseeing department, and hold a temporary board meeting to discuss the related issues. Furthermore, we periodically review ESG risks when making investments; and the board of directors makes major decisions and performs management and supervisory roles.  

Company-Wide Risk Management Process 

The major managing department monitors risks continuously according to their types. If a risk is discovered, we immediately identify the type and assess the level of risk. Based on the result of this assessment, we analyze the cause in order to secure the necessary resources and establish response measures. When necessary, we strengthen the countermeasures a step further in cooperation with external experts, and transparently report the results of the analysis and response measures to the board of directors and senior management. If the risk situation ends, we remove the cause of the potential risk, and strive to enhance the response system by developing follow-up plans in preparation for similar cases. 

Risk Identification and Management

HUMAX Networks selects risks that may threaten the company’s ability to achieve its goals, comprehensively considering its management goals and business environment, and manages the related risks by risk level. We classify the types of risks into financial risks and non-financial risks (business continuity, operation), and establish a systematic response system for each type of risk.