Morrison Express Corporation
Information Security Statement

LAST MODIFIED: April 14, 2026

Information security is one of the fundamental elements for ensuring the Company’s sustainable operations. All personnel (including employees and third-party personnel, hereinafter collectively referred to as “personnel”) are required to comply with information security management policies and procedures to ensure the confidentiality, integrity, and availability of information assets under the Company’s control, as well as compliance with applicable laws and regulations, thereby safeguarding the interests of both customers and employees.

  1. In accordance with the ISO/IEC 27001 international standard and relevant legal and regulatory requirements, the Company has established an Information Security Management System (ISMS). Through periodic reviews and internal and external audit mechanisms, the Company ensures continual improvement and strengthens security controls over its information systems. These systems include all valuable information assets such as hardware, software, applications, data, documents, and services.
  2. All employees and suppliers are responsible for implementing and complying with the requirements of the ISMS through appropriate procedures and must adhere to all applicable information security management policies and procedures.
  3. All employees and suppliers are obligated to maintain the confidentiality of the Company’s information assets and comply with all ISMS requirements when accessing or using such assets.
  4. The Company has established information security standards and contractual requirements for all suppliers engaged in business with the Company (including outsourced vendors and cloud service providers) and conducts security assessments or audits to ensure adherence to its information security policies and to maintain the integrity of the information security supply chain. Contracts shall include, at a minimum, the following provisions:
    • The supplier’s confidentiality obligations
    • The requirement for suppliers to implement appropriate security measures to protect the services provided to the Company
    • The supplier’s liability for damages resulting from information security incidents caused to the Company
  5. The Company implements strict measures to protect customer data, financial information, and internal operational data from unauthorized access, alteration, or disclosure, and ensures compliance with applicable laws and regulations, including Taiwan’s Personal Data Protection Act. In the event of a data breach affecting customers’ personal data, the Company shall notify affected individuals within the timeframes required by applicable law.
  6. The Company and its suppliers shall remain vigilant regarding potential information security vulnerabilities or threats and shall report identified incidents and weaknesses through established reporting mechanisms in a timely manner. External parties who discover security vulnerabilities are encouraged to report them via the contact address provided in this Statement.
  7. In the event of an information security incident, the Company shall follow the “Information Security Incident Reporting and Response Procedure of Morrison Express”. Depending on the severity of the incident, the Company may impose disciplinary actions on the personnel involved or pursue legal action where necessary.
  8. Customers and relevant individuals are entitled to exercise data subject rights under applicable law, including the right to access, correct, or delete their personal data. For any inquiries regarding data subject rights or information security matters, please contact: it_security@morrisonexpress.com.
  9. This statement applies to Morrison Express Corporation Ltd. and its global operations. It will be reviewed and updated on a regular basis. The latest version is published on the Company’s official website.