■ Board Structure

---

WINSTAR set up the corporate governance system, implementing and abiding by relevant laws and regulations in order to protect shareholders' rights, achieve shareholder equality, strengthen the functionality of the Board of Directors, improve information transparency, and carry out corporate social responsibilities. Meanwhile, by establishing an effective corporate governing structure, WINSTAR can enhance management and operation, thereby increasing competitiveness. Our Board of Directors is competent in the following aspects:

▸ List of Directors

▸ Directors’ Biographies

※Note：● Capable；○Partially Capable

▸Succession Planning for the Board Members and the Key Management

With the goal of sustainable development, WINSTSR has a mature election system and succession planning for our Board members and key managers:

• WINSTAR's "Articles of Incorporation" and " Procedures for the Election of Directors" stipulate the number and tenure of the company's directors. The shareholders' meeting is in charge of electing the members of the Board of directors through electoral nomination.
• The Board of Directors shall keep its member diversity and maintain the operation and development by considering (but not limited to) the Board’s conditions, values, and professional knowledge and skills. The selected Board members shall possess knowledge, skills, and cultivation to perform their duties to achieve the ideal goal of corporate governance. The required capabilities for the Board of Directors are as follows:1.Operational judgment ability;2.Accounting and financial analysis skills;3.Business management ability;4.Crisis management ability;5.Industry knowledge;6.Global perspective;7.Leadership;8.Decision-making skills.
• WINSTAR formulated the "Rules for Performance Evaluation of Board of Directors" and set the performance goals to evaluate the Board's functions and efficiency, building up the reference for the future Board member election and nomination.
• The company conducts yearly employee reviews, selecting and cultivating in-company management talents to build up the talent pool of critical management.
• WINSTAR keeps seeking professionals and talents to build up a solid database for future management.

■ Communication with independent directors

---

• WINSTAR's internal auditors regularly execute the examination of the audit report and make the follow-up report based on the response to the questions raised by the independent directors. Before the end of the next month, the internal auditors would submit the report to the independent directors for review.
• The internal auditors shall regularly attend the Audit Committee and report the audit affairs to the independent directors.
• The internal auditors hold regular communication meetings with independent directors to discuss the audit deficiencies, the internal audit and control systems, and internal assessment results.
• Depending on the actual needs, the internal auditors can contact and discuss with the independent directors in person, by telephone, or by e-mail at any time.

Regular Communications Between the Independent Directors and Internal Auditors:

■ Functional Committees

---

▸ Compensation Committee

The Compensation Committee assists the Board in executing and evaluating the compensation and benefits policies of all WINSTAR's employees and the compensation of WINSTAR's directors and managers.
According to WINSTAR's "Organizational Rules of the Compensation Committee," the members of the Compensation Committee are appointed by the resolution of the Board of Directors. In WINSTAR’s Compensation Committee, there are at least three members, and more than half are independent directors, of whom the committee members would elect one as the convener.

The 1st Compensation Committee Meeting

▸ Audit Committee

The Audit Committee assists the Board in fulfilling its oversight of the quality and integrity of the accounting, internal audit, financial report, and financial control. The Audit Committee is responsible for reviewing the following matters:

• The company's financial statements.
• Selection and dismissal of certified accountants and review of their independence and performance.
• Effectiveness of the company's internal control systems.
• The company's compliance with the relevant laws and regulations.
• Management and control of the company's existing or potential risks.

The 1st Audit Committee Meeting
▸ Performance Evaluation of the Board of Directors and the Committees
WINSTAR regularly conducts internal performance evaluations to improve the operation of the Board of directors and functional committees. The evaluation results are as follows:

■ Major Policies

---

1. Articles of Incorporation - File
2. Corporate Governance Code - File
3. Ethical Corporate Management Best Practice Principles - File
4. Sustainable Development Principles - File
5. The Codes of Ethics - File
6. Organizational Rules of the Compensation Committee - File
7. Rules of Procedure for the Board of Directors - File
8. Procedures for the Election of Directors - File
9. Rules Governing the Scope of Powers & Duties of Independent Directors - File
10. Measures of Performance Evaluation of the Board of Directors and Functional Committees - File
11. Rules and Procedures of Shareholders Meeting - File
12. Organization Rules of Audit Committee - File
13. Risk Management Policies and Procedures - File
14. Regulations of Financial Affairs Between Related Parties - File
15. Procedures of Loaning of Funds - File
16. Management of Insider Trading Prevention - File
17. Procedures for Endorsement and Guarantees - File
18. Procedures for Acquisition or Disposal of Assets- File

 

■Procedures for Reporting Illegal and Unethical Conducts

---

Honesty, legality, and ethical norms are WINSTAR's core values; we apply them to all our business conducts. As no illegal and unethical behaviors are tolerable, WINSTAR formulated the "Ethical Corporate Management Best Practice Principles" and the "The Codes of Ethics" to restrain them. When the employee notices any breach of the regulations or laws, he/she shall report it immediately to the independent directors, the management, the internal auditors, or the relevant departments. There is a specific reporting procedure for WINSTAR's employees to disclose illegal and unethical conduct:

1. The employees can send the issue reports to a specific e-mail address.。
2. A person or department is assigned to review the reports. If the issue involves the company's director or the upper management, it shall be reported to the independent directors. Different investigation procedures would be adopted depending on the issue type.
3. After the investigation, follow-up measures would be implemented. The case would be transferred to the competent or judicial authority when necessary.
4. The investigation of the case, the measure implementation, and other relevant records would be saved and well-preserved.
5. The whistleblower's identity and the report content would remain confidential. Anonymous whistleblowing is allowed.
6. The whistleblower would be protected from any harm or improper treatment.
7. An incentive system is implemented for the employees reporting suspected or happened violations.
8. Suppose the reported issue is confirmed true after investigation, the violator's information, such as the job title, name, date of violation, investigation results, and follow-up measures, would be disclosed on the company's internal website.

■ Organization and Operation of Internal Audit

---

▸ Purpose

WINSTAR's Internal Audit aims to assist the Board of Directors and the management in reviewing the effectiveness and efficiency of the internal control system and providing timely improvement suggestions. The internal audit can ensure the internal control system is operating consistently and effectively, which would be a solid reference for future system refinement.

▸ Organization

Winstar's Internal Audit function is an independent unit that reports directly to the Board of Directors. There are one internal audit manager and several internal auditors in the unit.

▸ Operation

• Formulation and implementation of the annual audit plan: The annual audit plan (including the monthly audit items) is formulated based on the risk assessment results and approved by the Board of Directors; the same shall be applied to any amendment thereto.
• Project Auditing: When the internal audit requirement is caused by a specific demand, management instruction, or abnormality of the audit results, it is necessary to understand the need thoroughly and make a related report as the reference for future measures.
• Internal Audit Report:

1.Any deficiencies or abnormalities found via the internal control shall be recorded in the audit report. The issue shall be tracked and included in quarterly follow-up reports until timely improvements are made.
2.The audit report and follow-up report shall be submitted to independent directors for review before the end of the following month after the audit project is completed.
3.If the internal auditors discover major violations or the company is in danger of significant damage, they shall immediately notify the independent directors in the report format.
4.The internal auditors shall uphold the spirit of detachment and independence, perform their duties objectively and impartially, and demonstrate professionalism. The internal auditors shall report the audit work to the independent directors and the Board of Directors on a regular basis.

■ Cyber Security & Risk Management

---

▸ Cyber Security Policy
 

Enhance personnel awareness and prevent data leaks, ensuring daily maintenance and guaranteeing service availability.

The information security objectives of our company are as follows:

1. Ensure a certain level of system availability for critical core systems of the company.
2. Protect the integrity and accuracy of the company's information operations management, preventing unauthorized access and modifications.
3. Conduct information security education and training to reinforce personnel understanding of information security responsibilities and awareness of protecting information assets, reducing the risk of information security incidents.
4. Conduct regular audit operations to ensure the effective implementation of information security management.

▸ Risk Management Structure

1.  Personal authorization control: The employee shall apply for official permission to access the information system. Each department is responsible for supervising and tracking its employees' cyber use.
2.  Firewall Configuration: A firewall is configured within WINSTAR's network system for internal and external cyber security control.
3.  Data access and storage management: Improper data access or storage is prohibited. If there is any specific need to access data, approval from the upper management is required.
4.  Backups and redundancy: WINSTAR's redundancy device would automatically protect and restore the data when the hardware is damaged. Backups for the system and database and remote file redundancy run on a regular basis, and the relevant department must check and record the backup data occasionally.
5.  Installment and update of the anti-virus software: To avoid external attacks from outside, for example, hacker attacks, our IT department checks and evaluates the anti-virus software regularly.
6.  Data classification: Data and files are classified according to confidentiality level and managing methods, marking with warning labels, watermarks, etc. High-classified data ought to be managed by the specialist.
7.  Physical space safety: The computer room and device storage place shall be maintained by the IT department with necessary protective measures, such as lock-up, uninterrupted power system configuration, regular electricity safety checkups, stored temperature and humidity control, consumables replacement, and computer room inspection, etc.
8.  Employee training and dissemination: WINSTAR organizes regular training about cyber security for the employees. Meanwhile, through periodic dissemination, WINSTAR enhances the knowledge and awareness of all employees on cyber security and information protection.
9.  Personnel control and inspection: The employees are jointly responsible for the company's information security and data protection. Therefore, if there is any staff that may cause danger to WINSTAR's cyber system, other employees from the same department are obligated to report the situation to the IT department and take corresponding measures promptly.

security scope covers the following areas:

▸ Effectiveness of cyber security implementation

So far, no cyber incidents causing the company and customers' loss or information system violations resulted in customer complaints at WINSTAR.