(5) TAIFEX built a cloud-based testing environment for the trading system and established secure internet connections through which to test trading and the distribution of market information, thereby providing firms with a secure, convenient, and low-cost testing environment. (6) In the area of information security, TAIFEX's high, intermediate, and low information-security computer systems passed ISO 27001:2013's semiannual follow-on audits. We also continued to improve our network security management, data protection, security operations center (SOC) operations, and web-services monitoring systems. We rehearsed responses to distributed denial of service (DDoS) attacks with securities and futures firms, and securities- and futures-related organizations; and held joint training exercises on social engineering with related organizations. We also regularly conducted intrusion detection, vulnerability scanning, information-security diagnostics, and system-backup exercises to strengthen our information-security mechanisms and improve our IT operations. (7) TAIFEX implemented items related to the Securities and Futures Market IT Operations Integration Program, and completed the Comprehensive Examination and Update of Securities and Futures Market Information Architecture Standards. We completed the migration of our trading- information statistics-management system to a different programming language to meet the integration program's architecture standards. We also simplified processes and strengthened the capabilities of existing systems to improve our services and enhance our operational efficiency. 8. 內部稽核 除對各部門自行評估報告加以覆核，並 依年度稽核計畫，就交易、結算、監視、期 貨商輔導、資訊、企劃、內部管理及資通安 全等作業進行查核，並將查核結果，按季提 陳董事會及陳報主管機關。 8. Internal Audit TAIFEX evaluated the management and IT-security of the Trading, Clearing, Surveillance, Intermediaries Compliance and Service, IT, and Business Development departments in accordance with the annual audit plan, and reviewed the inspection reports produced by each department. We reported the results of these evaluations to the board of directors and the competent authority on a quarterly basis. 49