Committees

The purpose of the Audit Committee is to assist the Board in the execution of its duties to supervise and implement the Company Act, the Securities and Exchanges Act, and other related laws. On June 21, 2012, PCSC established the Audit Committee, which is consist of three independent directors. The Audit Committee holds at least one meeting every quarter. During its seven meetings in 2025, it primarily discussed the following items:

(1) Reviewing financial reports: The Board prepared the Company’s 2024 business report, financial statements, and proposal for allocation of 2024 profits. The independent auditors of PRICEWATERHOUSECOOPERS audited PCSC’s financial statements and issued an audit report on the financial statements. The business report, financial statements, and profit allocation proposal were reviewed and determined to be correct and accurate by the Audit Committee members of President Chain Store Corp.

(2) Evaluating the effectiveness of the Company’s internal control system: The Audit Committee evaluates the policies and procedures of the Company’s internal control systems and reviews the Company’s Audit Department and external auditors, and examines regular managerial reports.

(3) Appointing external auditors: The Audit Committee has the responsibility to ensure the independence and appropriateness of accounting firms and the accuracy of financial reports. PCSC passed the proposal to evaluate the independence and appropriateness of the external auditors on February 25, 2025.

There had been a total of 14 meeting of the Audit Committee between 2024 and 2025. The independent directors’ attendances are detailed below:

Title Name Meetings Attended Personally in 2024~2025
Convener Chen, Liang 14
Member Hsu, Ke-Wei 14
Member Hung, Yung-Chen 14

IMPLEMENTATION OF EVALUATION PROCEDURES

(THE 2024 EVALUATION RESULTS REPORTED TO THE BOARD OF DIRECTORS ON FEBRUARY 26, 2025.)

Evaluation cycle Evaluation period Evaluation scope Evaluation meth Evaluation details
Execute once a year January 1, 2024 to December 31, 2024 Performance evaluation of Audit Committee Self-evaluation
  • Participation in the Company operations
  • Awareness of functional committee’s duties
  • Improve decision-making quality of functional committees
  • Composition of functional committee and selection of members
  • Internal control

EVALUATION RESULTS:

Evaluation Scope Item Score
A. Participation in the Company operations 4 4.92
B. Improve the quality of board decisions 7 4.87
C. Board composition and structure 7 4.95
D. Director selection and continuing education 3 4.89
E. Internal control 3 4.92
Results in Average 24 4.93

  • The Audit Committee operates effectively and demonstrates a strong understanding of the Company’s objectives and responsibilities. Its agreed goals and operational performance indicators are aligned with governance requirements, effectively supporting the Company’s sustainable operations, social responsibility, risk management, and long-term strategic development, and reflecting the principles of sound corporate governance.
  • Based on the results of this performance evaluation, the Company will continue to enhance the professional expertise and depth of engagement of Audit Committee members, as well as optimize meeting procedures, to further strengthen the effectiveness of corporate governance.
  • The Audit Committee achieved a 100% attendance rate during the evaluation period.

The major resolutions approved at Audit Committee are summarized below:

(1) The 19th meeting of the 4th Audit Committee (Date: February 26, 2024)
● Approved 2023 financial statements and consolidated financial statement.
● Approved the Company’s 2023 Internal Control System Statement.
● Approved the PCSC CPA independence and appropriateness evaluation resolution.
● Approved President Chain Store (BVI) Holdings Ltd.‘s capital increase in President Chain Store (Hong Kong) Holdings, and approved President Chain Store (Hong Kong) Holdings Ltd.‘s capital increase in President Chain Store (Shanghai) Ltd. and President Chain Store (Zhejiang) Ltd.
● Approved the proposal of acquisition or disposal of real estate assets and right-of-use assets from the Company’s related parties.

(2) The 20th meeting of the 4th Audit Committee (Date: February 27, 2024)
● Approved the 2022 earnings distribution proposal and business reports

(3) The 21th meeting of the 4th Audit Committee (Date: April 29, 2024)
● Approved 2024 Q1 consolidated financial statement.
● Approved the Company’s capital increase in Connection Labs Ltd.
● Approved the proposal of acquisition or disposal of real estate assets and right-of-use assets from the Company’s related parties.
● Approved to sign the Bay City Case 38 contract with Kaohsiung City Government and approved the project contract that the Company intends to sign with the related party.

(4) The 1st meeting of the 5th Audit Committee (Date: June 12, 2024)
● Approved the sale of 55% equities of Shan Dong President Yinzuo Commercial Ltd.
● Approved the Company’s signing of the management consulting contract

(5) The 2nd meeting of the 5th Audit Committee (Date: July 30, 2024)
● Approved 2024 Q2 consolidated financial statement.
● Approved the proposal of acquisition or disposal of real estate assets and right-of-use assets from the Company’s related parties.

(6) The 3rd meeting of the 5th Audit Committee (Date: October 30, 2024)
● Approved 2024 Q3 consolidated financial statement.
● Approved 2024 Financial Statement and Profit-seeking Enterprise Income Tax Auditing and Certification fee.
● Approved amendments to the Company’s 2025 Internal Control System.
● Approved the Company’s 2025 audit plan.
● Approved amendments of President Chain Store Corporation Audit Committee Charter.
● Approved the Company’s investment in logistics park.
● Approved the proposal of acquisition or disposal of real estate assets and right-of-use assets from the Company’s related parties.

(7) The 4th meeting of the 5th Audit Committee (Date: December 18, 2024)
● Approved the Company’s capital increase in ICASH Corp.
● Approved the proposal of acquisition or disposal of real estate assets and right-of-use assets from the Company’s related parties.

(8) The 5th meeting of the 5th Audit Committee (Date: February 25, 2025)
● Approved the Company’s 2024 separate financial statements and consolidated financial statements.
● Approved the filing of the Company’s “2024 Internal Control System Statement.”
● Approved the Company’s CPA independence and appropriateness evaluation resolution.
● Approved the Company’s acquisition of real estate.
● Approved the proposal of acquisition or disposal of right-of-use assets related to real estate from the Company’s related parties.

(9) The 6th meeting of the 5th Audit Committee (Date: February 26, 2025)
● Approved the Company’s 2024 earnings distribution proposal and business report.

(10) The 7th meeting of the 5th Audit Committee (Date: April 29, 2025)
● Approved the Company’s 2025 Q1 consolidated financial statements.
● Approved the proposal of acquisition or disposal of right-of-use assets related to real estate from the Company’s related parties.

(11) The 8th meeting of the 5th Audit Committee (Date: July 29, 2025)
● Approved the Company’s 2025 Q2 consolidated financial statements.
● Approved the motion to change the custodian of the Company’s registered corporate seal filed with the Ministry of Economic Affairs.
● Approved amendments to the Company’s integrity management–related policies.
● Approved the proposal of acquisition or disposal of right-of-use assets related to real estate from the Company’s related parties.

(12) The 9th meeting of the 5th Audit Committee (Date: October 28, 2025)
● Approved the Company’s disposal of equity interests in President Securities Investment Trust Co., Ltd.
● Approved the Company’s 2025 Q3 consolidated financial statements.
● Approved the Company’s 2025 financial statements and profit-seeking enterprise income tax auditing and certification fees.
● Approved amendments to the Company’s 2026 Internal Control System.
● Approved the Company’s 2026 audit plan.
● Approved the proposal of acquisition or disposal of right-of-use assets related to real estate from the Company’s related parties.

(13) The 10th meeting of the 5th Audit Committee (Date: December 9, 2025)
● Approved amendments to the Company’s Integrity Management Policy and Code of Conduct.
● Approved the Company’s investment in the construction of an office building and shopping mall.
● Approved the proposal of acquisition or disposal of right-of-use assets related to real estate from the Company’s related parties.

(14) The 11th meeting of the 5th Audit Committee (Date: December 18, 2025)
● Approved corrections to the Company’s quarterly financial statements from Q2 2023 to Q3 2025.

Name Education and experience
Chen, Liang For detailed information on the committee member’s current position, education, and experience,please click here.
Hsu, Ke-Wei For detailed information on the committee member’s current position, education, and experience,please click here.
Hung, Yung-Chen For detailed information on the committee member’s current position, education, and experience,please click here.

The Remuneration Committee shall exercise due diligence as a prudent manager and faithfully perform the following duties, submitting the proposed recommendations to the Board of Directors for discussion.

  1. Draw up and regularly review the performance evaluations for directors and managers and remuneration policies, system, standards, and structure.
  2. Regularly evaluate and stipulate remuneration for directors and managers.

PCSC’s Remuneration Committee was established on August 19, 2011, and is comprised of all three independent directors.

The Remuneration Committee meets at least twice a year. The term of office for current members: June 12, 2024 to May 29, 2027.

There had been a total of 4 meeting of the Remuneration Committee between 2024 and 2025. The independent directors’ attendances are detailed below:

Title Name Meetings Attended Personally in 2024~2025
Convener Hsu, Ke-Wei 4
Member Hung, Yung-Chen 4
Member Chen, Liang 4

Major resolutions approved at Remuneration Committee:

(1) The 5th meeting of the 5th Remuneration Committee (Date: February 26, 2024)
● Resolution to the 2023 employee and director earnings distribution proposal and appropriation.
● Results: Resolution passed.

(2) The 6th meeting of the 5th Remuneration Committee (Date: April 29, 2024)
● Remuneration actually paid to Company directors and managers in 2023.
● Results: Resolution passed.
● Amended the Board of Directors' compensation allocation ratio.
● Results: Resolution passed.

(3) The 1st meeting of the 6th Remuneration Committee (Date: February 25, 2025)
● Report on the Results of the 2024 Board of Directors Performance Evaluation。
● Resolution to the 2024 employee and director earnings distribution proposal and appropriation.
● Results: Resolution passed.。
● Definition of Non-Management Employees and the Ratio of Remuneration Allocation
● Results: Resolution passed.
● Amendment to the Articles of Incorporation
● Results: Resolution passed.
● Partial Amendment to the Policy on Directors’ Congratulatory and Condolence Matters
● Results: Resolution passed.

(4) The 2ed meeting of the 6th Remuneration Committee (Date: April 29, 2025)
● Report on the Comparison of Compensation Levels of Directors and Managers for FY2024
● Remuneration actually paid to Company directors and managers in 2024.
● Results: Resolution passed.

There are no written or otherwise recorded resolutions on which a member of the Remuneration Committee had a dissenting opinion or qualified opinion.

Name Education and experience
Chen, Liang For detailed information on the committee member’s current position, education, and experience,please click here.
Hsu, Ke-Wei For detailed information on the committee member’s current position, education, and experience,please click here.
Hung, Yung-Chen For detailed information on the committee member’s current position, education, and experience,please click here.

IMPLEMENTATION OF EVALUATION PROCEDURES

(THE 2024 EVALUATION RESULTS REPORTED TO THE BOARD OF DIRECTORS ON FEBRUARY 26, 2025.)

Evaluation cycle Evaluation period Evaluation scope Evaluation methods Evaluation details
Execute once a year January 1, 2024 to December 31, 2024 Performance evaluation of Remuneration Committee Performance evaluation of Remuneration Committee
  • Participation in the Company operations
  • Awareness of functional committee’s duties
  • Improve decision-making quality of functional committees
  • Composition of functional committee and selection of members
  • Internal control

EVALUATION RESULTS:

Evaluation Scope Item Score
A. Participation in the Company operations 4 4.92
B. Improve the quality of board decisions 7 4.93
C. Board composition and structure 7 4.95
C. Board composition and structure 3 4.89
E. Internal control 3 NA
Results in Average 24 4.92

  • The Remuneration Committee operates effectively and demonstrates a strong understanding of the Company’s objectives and responsibilities. Its agreed goals and operational performance indicators are aligned with governance requirements, effectively supporting the Company’s sustainable operations, social responsibility, risk management, and long-term strategic development, and reflecting the principles of sound corporate governance.
  • Based on the results of this performance evaluation, the Company will continue to enhance the professional expertise and depth of engagement of Remuneration Committee members, as well as optimize meeting procedures, to further strengthen the effectiveness of corporate governance.
  • The Remuneration Committee achieved a 100% attendance rate during the evaluation period.

To fulfill Corporate Social Responsibilities and sustainable development, the Board of Directors approved to establish Corporate Social Responsibility Committee, which is directly under the Board of Directors. The Board of Directors also made resolution to adopt independent directors in Corporate Social Responsibility Committee and approved Corporate Social Responsibility Committee Charter on December 12nd, 2018. And in June 24, 2021, the Corporate Social Responsibility Committee and its Charter were renamed as the Sustainable Development Committee.

Sustainable Development Committee consists of three members, three independent directors Hsu, Ke-Wei, Chen, Liang and Hung, Yung-Chen. The committee is responsible for proposing and implementing concrete plans related to CSR and ESG policies, systems, or relevant management guidelines. Wu, Wen-Chi, the committee convener and CFO, holds dedicated responsibility for managing ESG and sustainability issues.  (Please refer to the Sustainable Development Committee Charter on PCSC website for details.)

Sustainability-related Professional Expertise and Competencies of Committee Members:
Hsu, Ke-Wei: Risk & Crisis Management, Climate Strategy, Human Capital Management, and Occupational Health & Safety
Chen, Liang: Corporate Governance, Environmental Policies & Management, and Human Rights & Human Capital Management
Hung, Yung-Chen: Information & Cybersecurity, Sustainable Materials Management, and Customer Relationship Management & Data Privacy Protection
Wu, Wen-Chi: Accounting and Finance, Administration and International Markets perspectives (term ended on July 30, 2025)
Hsieh, Lien-Tang : Business and Operation Management and International Markets perspectives (term ended on July 30, 2025)
Lua, Wen-Ji: Sustainable Development and Management, Information Security Management, Strategy of Intellectual Property and International Markets perspectives (term ended on July 30, 2025)

Implementation: The Sustainable Development Committee hold meetings at least twice a year.

The committee held 2 meetings in 2024, which were on June 25 and December 18 and 2 meetings in 2025, which were on June 26 and December 9. Member attendance is detailed below:

Title Name Meetings Attended Personally in 2024~2025
Member (Independent Directors) Hung, Yung-Chen 4
Member (Independent Directors) Hsu, Ke-Wei 4
Member (Independent Directors) Chen, Liang 4
Member Wu, Wen-Chi (CFO)(Note) 3
Member Hsieh, Lien-Tang (Note) 3
Member Lua, Wen-Ji (Note) 3

Note:Wu, Wen-Chi, Hsieh, Lien-Tang, and Lua, Wen-Ji were dismissed on July 30, 2025

Topics Reported/Discussed of Sustainable Development Committee:

(1) The 1st meeting of the 3rd Sustainable Development Committee (Date: June 25, 2024)
 1. Topics Reported:
  - The progress of Sustainability Report 2024 and the reports of DJSI, CDP, and TCFD projects
 2. Items Discussed:
  - The amendment of President Chain Store Corporation Sustainable Development Code of Practice
  - The amendment of President Chain Store Corporation Sustainable Development Committee Charter
  - Approved the contents of the PCSC Sustainability Report 2023
 
(2) The 2nd meeting of the 3rd Sustainable Development Committee (Date: December 18, 2024)
 1. Topics Reported:
  - PCSC 2024 sustainability project results and future directions for sustainability in 2025.
  - The results of DJSI, CDP and TCFD projects in 2024 and plan in 2025.
 2. Items Discussed:
  - Approved PCSC 2024 sustainability project results and future directions for sustainability in 2025

(3) Sustainable Development Committee reported to the Board of Directors (Date: December 19, 2024)
  - Report ESG, risk and cybersecurity security, intellectual property, and ethical corporate plans and results in 2024.

(4) The 3rd meeting of the 3rd Sustainable Development Committee (Date: June 6, 2025)
 1. Topics Reported:
  - the PCSC Sustainability Report
  - Guidance for the 2025 Sustainability Report and Progress Update on Sustainability Projects
 2. Items Discussed:
  - The amendment of President Chain Store Corporation Sustainable Development Committee Charter
- Approved the contents of the PCSC Sustainability Report 2024

(5) The 4th meeting of the 3rd Sustainable Development Committee (Date: December 9, 2025)
 1. Topics Reported:
  - PCSC Sustainability Awards Trend Report
- PCSC 2025 sustainability project results and future directions for sustainability in 2026.
- Review of Uni-President Store’s 2025 International Evaluation Results and Overall Plan for 2026.
 2. Items Discussed:
  - PCSC 2025 sustainability project results and future directions for sustainability in 2026.
- The amendment of President Chain Store Corporation Sustainable Development Committee Charter
- The amendment of President Chain Store Corporation Sustainable Development Code of Practice

(6) Sustainable Development Committee reported to the Board of Directors (Date: December 10, 2025)
Report ESG, risk and cybersecurity security, intellectual property, and ethical corporate plans and results in 2025.

Committee Name Education and experience
Sustainable Development Committee Hsu, Ke-Wei
(Independent Directors) 		Current position:Legal advisor of Holding Disp. Co., Ltd.
Education:Master of Laws (LL.M.), University of Pennsylvania Law School;Master of Business of Administration (MBA), University of Pennsylvania Wharton School
Experience:Independent Director, Mr. Hsu joined the Board in 2021. In addition to serving as the Chair of the Remuneration Committee, he is also a member of the Audit Committee, the Sustainable Development Committee, and the Integrity, Risk and Cybersecurity Management Committee.
He has extensive practical experience in international M&A, intellectual property and financing, and is particularly skilled in legal affairs.
Mr. Hsu previously served as Senior Advisor at Jones Day International Law Firm. Since 2013, he has been the Legal Advisor for Holding Disp. Co., Ltd., and from 2017 to 2019, he served as Chief Legal Officer and Legal Advisor for Neobards Entertainment Limited. From January 2019 to June 2025, he was an Independent Director in Nidec Chaun-Choung Technology Corporation.
In addition, in 2013, he delivered a lecture on “Correct Concepts of Due Diligence in Mergers and Acquisitions” at the Taipei Bar Association, which covered practical risk management strategies and relevant case studies in M&A. With extensive expertise in legal affairs and risk management, Mr. Hsu provides the Company with valuable industry insights.
Sustainable Development Committee Chen, Liang
(Independent Directors) 		Current position:Chairman of Peak Capital Holdings Inc., and Co-Center Company Limited.
Education:MBA, Baruch College of CUNY
Experience:Independent Director, Mr. Chen joined the Board in 2021. In addition to serving as the Chair of the Audit Committee and the Sustainable Development Committee, he is also a member of the Remuneration Committee, the Sustainable Development Committee, and the Integrity, Risk and Cybersecurity Management Committee.
Mr. Chen has extensive expertise in finance. He previously served as Vice President of the Securities Trading Division at Smith Barney Investment Bank in New York, Senior Vice President of the International Investment Division at Oppenheimer & Co. Inc. in New York, Executive Director and Head of Asia at PaineWebber Investment Bank, and Director at a Taiwan Financial Holding Co., Ltd. He possesses a professional background in international finance, corporate M&A, financing and investment, as well as the development of Asian markets. He was in charge of the acquisition of American biscuit company by Taiwan PECOS’ and has supported multiple overseas fundraising and IPO projects for various companies.
From 2004 to 2007, he served as an external director of Shanghai First Foodmall Corp., where he focused on promoting brand awareness and value of consumer goods in Shanghai. In 2008, he was appointed as the Taipei Office Representative of PaineWebber Investment Bank, overseeing the Taiwan PECOS’ acquisition of American biscuit company. In addition, he also contributed to numerous overseas fundraising and IPO projects, with responsibilities including M&A risk assessment and practical risk management.
From June 2011 to April 2025, he served as a Supervisor of First Commercial Bank Co., Ltd., overseeing the bank’s risk management policies, including the identification, measurement, monitoring, and control of risks. He promoted a risk management-oriented operational model through deliberation, supervision, and coordination.
Sustainable Development Committee Hung, Yung-Chen
(Independent Directors) 		Education:Ph.D. in Information Engineering, National Taiwan University
Experience:Independent Director, Mr. Hung joined the Board in 2018. In addition to serving as the Chair of the Integrity, Risk and Cybersecurity Management Committee, he is also a member of the Audit Committee, Remuneration Committee and the Sustainable Development Committee.
Mr. Hung served as a Professor in the Department of Computer Science and Information Management at Soochow University during 2008 to 2022. He also has extensive experience in information technology and the retail industry.
He is the author of a book on information network security titled "Intellectual Property Strategy, Patent Attack and Defense", published by Wu-Nan Book Inc. The book focuses entirely on case studies related to information network security and includes practical approaches to risk management. From 1988 to 1991, he served as a Technical Consultant at the Institute for Information Industry. From 2000 to 2001, he was a Senior Fulbright Visiting Scholar in the United States, conducting research at the University of California, Los Angeles (UCLA) and the University of Southern California (USC). Between 2005 and 2006, he was a Visiting Scholar at Peking University and delivered guest lectures through the ACUCA Lectureship program at Petra Christian University.
Since 2015, he has successively served as an arbitrator for the Chinese Arbitration Association, Taipei; the Shanghai International Economic and Trade Arbitration Commission; and a dispute reviewer for the Beijing Arbitration Commission. He has also served as a patent examiner for the Intellectual Property Office. His expertise lies in the fields of information network security, mobile e-commerce, multimedia systems, and intellectual property strategy.

In order to implement risk management, the Board of Directors approved to establish the Risk & Cybersecurity Management Committee, which is directly under the Board of Directors. In order to improve organizational regulations, the Board of Directors approved to amend President Chain Store Corporation Risk and Cybersecurity Management Committee Charter. On July 30, 2025, The Board of Directors approved the amendment of the structure and rename to Integrity, Risk and Cybersecurity Management Committee.
The committee consists of three members, including three independent directors Hung, Yung-Chen, Chen, Liang, Hsu, Ke-Wei. The committee is responsible for formulating the policies of risk and cybersecurity management, reviewing the policies and plan, assessing risk appetite, ensuring mechanism of risk management, and etc.

There are three committees directly under the Committee, which are Risk Management execution office, Cybersecurity Execution Office, and Integrity Management Promotion Team.


The policy and procedure of risk management

Our board of directors is the highest decision-making unit for risk management. The Board reviews and approves the overall risk management policies and framework based on business strategy and environmental changes to ensure the effectiveness of risk management. The board of directors approved the Risk Management Policy of PCSC in July 2020 and modified the Risk Management Policy and Procedure on 1 November 2023 and 19 December 2024, as the highest instruction for PCSC’s risk management. In 2025, in response to adjustments to the organizational structure and the number of committee members, the Organizational Charter of the Integrity, Risk & Cybersecurity Management Committee was revised. The Integrity Management Promotion Team was merged into the Risk Management Execution Office, and the committee was renamed the Integrity, Risk & Cybersecurity Management Committee. In addition, the number of committee members was adjusted from six to three.

Risk management of the Company is based on its relevant policies and internal control systems etc., which is identified, analyzed, measured, monitored, responded, reported and improved response measures by each team under each committee in accordance with the characters of risks and level of effect in each of their responsible business.

Please refer to Risk Management Policy and Procedure of PCSC

The scope of risk management

Risk management scope of the Company includes, without limitation, operational risk, market risk, financial risk, compliance risk, climate risk and other risks which may incur significant loss to the Company (excluding information security risk). Each risk management team conducts risk management in respect to each of their responsible business and continues to pay attention to the development of international and domestic risk management in order to identify emerging risks.

Framework

In July 2020, our board of directors approved to establish the Risk & Information Security Management Office, which is directly responsible to our Sustainable Development committee. And in December 2022, the board of directors approved to separate Risk and Information Security Management Office into Cybersecurity Execution Office and Risk Management Committee which are under Sustainable Development Committee.

On 1 November 2023, our Board of Directors approved to establish the Risk & Cybersecurity Management Committee, which is directly under the Board of Directors. In the meantime, Cybersecurity Committee and Risk Management Committee, which were under the Sustainable Development Committee, were moved to the Risk & Cybersecurity Management Committee. And on 19 December 2024, the Board of Directors approved that Risk Management Committee was renamed Risk Management Execution Office and Cybersecurity Committee was renamed the Cybersecurity Execution Office.

On July 30, 2025, The Board of Directors approved the amendment of the structure and rename to Integrity, Risk and Cybersecurity Management Committee. There are three committees directly under the Committee, which are Risk Management execution office, Cybersecurity Execution Office, and Integrity Management Promotion Team.

business execution explained below:

Company implement risk management mechanism, periodically hold the Risk Management Execution Office meeting, assess the risk semi-annually and report to the board of directors once a year. The 2025 operation is detailed below:

‧ Each team identify and report risk periodically. In 2025, 46 risk scenario had been identified, including sustainability-related risks, labor shortage risks. We had established the control measure.

‧ The Risk Management Execution Office reported the operation results, the risk evaluation and response to the Integrity, Risk & Cybersecurity Management Committee on 24 June 2025 and 9 December 2025 and the board of directors on 10 December 2025.

(1) Cybersecurity risk management framework

  • Cybersecurity governance organization

    To align with the Company's cybersecurity governance needs and practical operations, the cybersecurity framework is strengthened and adjusted annually:

    • 2022: The Company established a Chief Information Security Officer (CISO) role and a dedicated cybersecurity unit under the AI Digital Group, comprising a dedicated manager and two specialized staff members. Simultaneously, a Cybersecurity Committee was established under the Sustainable Development Committee.
    • November 2023: A Risk & Cybersecurity Management Committee was established directly under the Board of Directors. The Cybersecurity Committee was then relocated from the Sustainable Development Committee to operate under this new board-level committee.
    • December 2024: The Cybersecurity Committee was renamed the Cybersecurity Execution Office, and the team was expanded with the addition of one specialized staff member to enhance operational capacity.
    • June 2025: Following a Board of Directors resolution, the committee was reorganized to incorporate the Integrity Task Force and was officially renamed the Integrity, Risk, and Cybersecurity Management Committee.

    Integrity, Risk and Cybersecurity Management Committee is chaired by an independent director, Mr. Hung, Yung-Chen, with a background in cybersecurity. The Cybersecurity Execution Office is led by the Chief Information Security Officer (CISO), is responsible to oversee the cybersecurity, to coordinate the management of cybersecurity risks, formulate information security risk management policies and promote the strengthening of information security management, and regularly report the implementation progress to Integrity, Risk and Cybersecurity Management Committee .

  • Cybersecurity organization framework

    The cybersecurity execution office assigned a special unit for information security, provided resources for information security project implementation, and reviewed the results of the information security project. The special unit for information security assisted the committee in monitoring information security threats, evaluating and verifying emerging information security technologies, and regularly reported to the Risk & Cybersecurity Management Committee security governance issues, directions, and the effectiveness of information security governance:

    (1) Information security implementation team: Responsible for managing, assigning management and working teams to promote cybersecurity related projects, and coordinating the implementation results and reporting to the cybersecurity execution office for review.

    (2) Emergency response team: In the event of a major cybersecurity incident, the emergency response team assigns personnel from relevant units to form an emergency response team based on the impact on Company operations and which is responsible for contacting and convening members of the emergency response team to be responsible for various emergency response operations and coordinating the deployment of resources.

    (3) Audit team: The audit team is appointed by the Information Security Executive Team or the Audit Office to coordinate and assign the internal audit of the information security management system.

  • Information security risk management mechanism

    The Company established the Information Asset and Risk Assessment Management Standard to address cybersecurity risks and establish risk assessment criteria for information and communication systems and services, and conduct risk management based on the value of the information and communication systems to the Company's operations, the degree of vulnerability of the information and communication systems, and the types of threats, impact levels, and occurrence rates. We use vulnerability scanning, penetration testing, and red team exercises to conduct data security strength audits of information communication systems and services. Through the process of risk management and continuous improvement, we will reduce the threat of hacking groups and human negligence, and establish sensitive data protection in compliance with laws and regulations, and an information security environment that protects the personal data of consumers and the confidential data of business operations.
    President Information Corp., which is responsible for the maintenance of information and communication systems and services, has expanded the scope of information protection insurance and professional liability insurance to include both the Company and President Information Corp. as insured under the information specialist insurance policy.

  • Emergency notification and response procedures for information security incidents

    We have established relevant regulations for contingency measures for major information security incidents to serve as a basis for the cybersecurity execution office's emergency response team in the event of an information security incident. Furthermore, practical rehearsals are conducted to familiarize responsible colleagues with the notification and handling procedures. In order to enhance employee crisis awareness of information security risks, regular training on information security risk awareness is held to implement the effectiveness of cybersecurity management measures.

(2) Cybersecurity policies

The Company has established a cybersecurity policy that complies with laws and regulations and clearly declares its support for cybersecurity objectives, so that all Company employees can follow it and reduce the impact of any information security incidents. The Company will continue to operate and improve its cybersecurity management system to protect the interests of the Company and consumers.
Using ISO/IEC 27001 as the framework for cybersecurity management, we continuously passed and acquired the ISO/IEC 27001 international information security management system certification in November 7, 2025 (The certificate is valid until January 10, 2029).

Here is the Cybersecurity Policy

(3) Specific management solutions

1) We joined TWCERT information security alliance and received information security information from time to time to strengthen information security joint defense and enhance employee information security awareness.
2) We regularly perform vulnerability scans, penetration tests, and email socialization projects to constantly enhance our data security capabilities.
3) We hold personal information protection and information security education courses for all employees every year and send out information security e-newsletters regularly.
4) In order to ensure that the personal information of consumers is not leaked, before an app is launched for consumers to use, it must pass the information security test, and the subsequent updates of the app must also pass the information security test and obtain security certificates before being launched.
5) The introduction of ISO 27001 enabled our cybersecurity system to comply with international standards.
6) We conduct red team exercises to simulate a full-scale attack by hackers to identify potential backdoors, vulnerabilities, and any channels that may cause cybersecurity incidents in order to strengthen information security protection.
7) Our service contracts with third-party service providers require that they comply with confidentiality and information security regulations. In the event of an information security incident, the outsourced service provider must immediately resolve technical problems caused by network attacks and ensure the confidentiality, integrity, and usability of the Company's and consumers' data.
8) We implemented a two-factor authentication mechanism to strengthen the security of identity verification.
(1) Vulnerability Analysis: We entrusted third party (KPMG Advisory Services Co., Ltd.) to conduct vulnerability analysis for 54 information systems, including the SAP human resource system, the billing system, the e-commerce system, mobile apps, the membership system, the intra-communication platform, the franchise system, the administrative system and the inventory systems. We have completed 919 times of scan, and revealed 369 risks in the first run of scan. After correction plans have been implemented, all the system passed vulnerability analysis in the second run of test.
(2) Penetration test: We entrusted third party (KPMG Advisory Services Co., Ltd.) to conduct a penetration test on 92 official websites. The manual penetration test launched actual attacks to understand the possible occurrences of security issues in each part, as well as the risks and impacts caused by the weaknesses before presenting them in the final report. 72 weaknesses were discovered in the initial penetration test, which were repaired during the retest.
9) We conduct internal audits at least once a year, covering the scope of the Information Security Management System implementation and information security metrics. For the year 2024, the internal audit of the information security system was completed in October. The audit included checking the implementation of the Information Security Management System and compliance with relevant regulations. Any improvements identified have been addressed and tracked according to the plan, and submitted to the audit team for approval.

2025 Internal Audit Report on Information Security

(4) Resources devoted to cybersecurity management

1) In accordance with the ISO 27001 international standard for information security, we have established information security-related regulations, including cybersecurity education and training and continuous operational drills, to raise employee awareness of information security and to effectively reduce the risk of improper use, leakage, tampering, or destruction of information assets due to human error or natural disasters.
2) The Company and its 35 affiliates perform at least two email social engineering exercise each year, with as many as 9,000 people participating. Beginning in 2026, affiliated companies will conduct email-based social engineering simulation exercises at least four times per year.
3) Members of the Company's staff completed one hour of information security training this year and information personnel have completed at least three hours of professional training in information communication and publish 12 E-papers.
4) In 2026, we expect to invest about NT$99 million in information security, which is about 8.8% more than the previous year.

(5) Escalation process for employees to report incidents, vulnerabilities or suspicious activities

To effectively manage and mitigate the impact on important information assets and operations, employees of the company should immediately report any suspected information security incidents to the Information Security Management Team via phone or email. They should describe the signs and potential sources of the incident to help the team determine whether it constitutes an information security incident and assess the scope of affected information operations. Additionally, the incident should be reported to the coordinator.


The List and Professional Competence of Members and the Implementation in 2024~2025:

  • The committee hold meetings at least twice a year and report to the board of directors regularly.
  • The 1st meeting of the 2nd Risk & Cybersecurity Management Committee (Date: June 25, 2024):
    - Report of operation of the Risk & Cybersecurity Management Committee, Risk Management Committee, and Cybersecurity Committee.
  • The 2nd meeting of the 2nd Risk & Cybersecurity Management Committee (Date: December 18, 2024):
    - Report of operation of the Risk & Cybersecurity Management Committee, Risk Management Execution Office, and Cybersecurity Execution Office.
  • Risk & Cybersecurity Management Committee reported to the Board of Directors (Date: December 19, 2024):
    - Report of operation of the Risk & Cybersecurity Management Committee, Risk Management Execution Office, and Cybersecurity Execution Office.
    - Amended the policies of President Chain Store Corporation Risk and Cybersecurity Management Committee and Risk Management Execution Office.
  • The 2nd meeting of the 3nd Integrity, Risk & Cybersecurity Management Committee (Date: June 24, 2025):
    - Report of operation of the Integrity, Risk & Cybersecurity Management Committee, Integrity Management Promotion Team, Risk Management Execution Office, and Cybersecurity Execution Office.
  • The 2nd meeting of the 4nd Integrity, Risk & Cybersecurity Management Committee (Date: December 09, 2025):
    - Report of operation of the Integrity, Risk & Cybersecurity Management Committee, Integrity Management Promotion Team, Risk Management Execution Office, and Cybersecurity Execution Office.
  • Integrity, Risk & Cybersecurity Management Committee reported to the Board of Directors (Date: December 10, 2025):
    - Report of operation of the Integrity, Risk & Cybersecurity Management Committee, Integrity Management Promotion Team, Risk Management Execution Office, and Cybersecurity Execution Office.
    - Amended the policies of President Chain Store Corporation Integrity, Risk and Cybersecurity Management Committee and Risk Management Execution Office.

Member Name Meetings Attended
Personally in 2024~2025
Convener (Independent Directors) Hung, Yung-Chen 4 time
Member (Independent Directors) Chen, Liang 4 time
Member (Independent Directors) Hsu, Ke-Wei 4 time
Member Wu, Wen-Chi (Note) 3 time
Member Lua, Wen-Ji (Note) 3 time
Member Lin, Kuan-Yi (Note) 3 time

Note:Wu, Wen-Chi, Lua, Wen-Ji, and Lin, Kuan-Yi were dismissed on July 30, 2025.

Copyright © , President Chain Store Corporation. All rights reserved.
Privacy