AUO regards suppliers as important partners. Through close cooperation, we strive for a win-win situation and encourage mutually beneficial development and sustainability.

 

Supply Chain Cybersecurity Guidelines

  • Comply with AUO's supplier cybersecurity policies, standards, and procedures.
  • AUO advises that appropriate cybersecurity management measures be taken, or that the ISO 27001/TISAX standard be used for cybersecurity management.
  • Protect confidential information and personal data of AUO and its customers, and prevent unauthorized third-party use.
  • Delivered software products must have compliant licenses.
  • Ensure that the provided products are free from all vulnerabilities that have already been publicly disclosed before the delivery date.
  • If a product or subcontractor's product has vulnerabilities, immediate notification must be given, and a repair plan provided.
  • Delivered products contain no computer viruses, malware, Trojan horses, worms, time bombs, or spyware.
  • If suppliers experience a cybersecurity incident that may affect AUO's production or operations, the AUO contact window (purchasing personnel in this case) should notify AUO within 24 hours, provide a written report within 7 days, and resolve the incident within 30 days.
  • Cooperate with AUO in conducting cybersecurity assessments (such as surveys or on-site audits).

 

Aiming to strengthen two-way communications between AUO and suppliers, AUO has built up several different systems, including:


Supplier's Report Hotline - Employee Ethics Violations Reporting System
Business conduct between AUO and suppliers shall comply with applicable laws, regulations, rules and business ethics. If you are aware of anything in connection with AUO's procurement team that could be illegal or a violation of the integrity policy, please report it to us directly. If the reported allegation is proven true, we will take appropriate and serious action against the personnel involved in the reported matter. The information and identity of the company reporting the matter will be kept confidential.

 

You are welcome to report matters of concern to the supplier's report hotline. All reports will be treated confidentially. The person in charge of receiving reports from the supplier's report hotline is the chief of the AUO internal audit department, and dedicated personnel will contact you.

 

If you are aware that AUO's employees are involved in any of the matters below, you can report to us:

  1. Employees and their family members receive cash, gifts or other items with a value of more than NT$1,000.
  2. Employees receive commission or any other illegal benefits from vendors.
  3. Except for meals, employees receive any free-of-charge trips from vendors.
  4. By using their own position, employees introduce or cause vendors to hire their family members.
  5. By using their own position, employees accept bribes and conduct activities to benefit vendors.
  6. By using their own position, employees have a loan or investment relationship with vendors that is not through the public market.
  7. Employees ask vendors to provide any services not related to procurement.
  8. Employees do not comply with AUO's policy for fairly conducting AUO's procurement.