Responsible Purchase

Scientech has established internal Supplier Management Procedures and Procurement Management Procedures to guide supplier oversight. In addition to providing a safe working environment for our employees, we work with suppliers to continuously improve environmental protection, safety, and occupational health standards, and to jointly fulfill our corporate social responsibility. To promote ethical and integrity-based business practices, suppliers are required to sign Scientech’s Supply Chain Code of Conduct and Ethics and Supplier Integrity and Anti-Corruption Declaration, and to comply with the requirements below to foster a responsible and sustainable supply chain partnership.

1. Suppliers are expected to align internal management practices with the Responsible Business Alliance (RBA) Code of Conduct. For details, please refer to the RBA website.
2. Supply and delivery
   1. Suppliers shall deliver goods and services in accordance with the timelines specified in purchase orders.
   2. For chemical procurement, suppliers shall implement appropriate environmental, safety, and health controls, including:
      1. Providing relevant EHS documentation, such as Safety Data Sheets (SDS) and hazard testing reports or risk assessment reports for new chemical substances.
      2. Ensuring containers and packaging materials, types, and labels are clearly and appropriately marked.
      3. Using transportation personnel who are professionally trained and qualified.
      4. Complying with safety and health requirements for on-site unloading, handling, and related operations.
   3. Engineering procurement projects, including purchase and lease contracts, shall comply with applicable occupational safety and health requirements.
3. Contractors and subcontractors
   1. Contractors and subcontractors shall comply with applicable occupational safety and health laws and Scientech’s site safety management requirements to prevent occupational incidents and reduce risk.
   2. Before entering Scientech premises, personnel must complete required safety and health training and meet qualification requirements for operating hazardous machinery and equipment.
   3. When Scientech provides machinery, equipment, or tools for use by contractors or subcontractors, the contractor or subcontractor is responsible for conducting pre-use inspections.
   4. During the service period, the responsible person of the contractor or subcontractor is accountable for implementing and supervising occupational safety and health practices.
4. Zero tolerance for workplace violence
   1. To prevent inappropriate or unlawful conduct—including verbal abuse, physical violence, illegal drug use, exclusion, intimidation, harassment, insults, or assault—Scientech has established clear reporting channels and follow-up mechanisms to foster a workplace culture that is safe, dignified, non-discriminatory, respectful, inclusive, and based on equal opportunity.
5. Information security responsibilities
   1. Vendors shall comply with Scientech’s information security policies, standards, and confidentiality requirements. Scientech reserves the right to audit vendors’ compliance.
   2. All software, hardware, and documentation delivered by vendors shall be inspected to ensure they do not contain malicious code (e.g., viruses, worms, Trojan horses, spyware) or covert channels. Prior to production deployment, vendors must remove test data and accounts, as well as administrative test data and accounts.
   3. All software and hardware delivered or used in providing services must be properly licensed. The delivery or use of unauthorized software or hardware is prohibited.
   4. Upon completion or termination of a contract, vendors shall delete, destroy, or return Scientech-related data obtained or held in the course of providing services, as instructed by Scientech, and retain relevant service execution records.
   5. For software or system development services, vendors shall implement version control for all releases and provide access controls and access log retention in accordance with information security management requirements.
   6. In the event of an information security incident, vendors must immediately notify Scientech, implement emergency response actions, and cooperate fully with subsequent handling.
   7. Vendors shall implement Configuration Management to ensure system integrity and consistency, meeting Scientech’s requirements for system quality and information security.
   8. If a vendor (including vendor personnel providing services to Scientech) violates the above information security responsibilities, the vendor shall be subject to contractual remedies for breach and shall be liable for damages incurred by Scientech. The vendor shall also be responsible for any harm caused to third parties.

Since 2021, Scientech has required all suppliers to sign the Supply Chain Code of Conduct and Ethics and the Supplier Integrity and Anti-Corruption Declaration, which set clear expectations for managing EHS risks; prohibiting child labor; strengthening labor management; eliminating all forms of forced labor; protecting workers’ fundamental rights; respecting human rights; adhering to ethical standards; and practicing integrity-based business operations. Suppliers are expected to cooperate with audits and related investigations, and supplier performance against these requirements is incorporated into Scientech’s procurement decision-making.

Scientech has established its Environmental, Safety, and Health (ESH) Policy—“Compliance with government regulations and customer requirements; implementation of pollution prevention and energy conservation and carbon reduction; enhancement of workplace safety and health awareness; and continuous review, improvement, and risk reduction”—and has communicated this policy across the Group. This policy reflects our commitment to environmental protection, safety, and occupational health. Scientech proactively engages with suppliers on ESH topics, encouraging them to broaden and deepen their management practices, while leveraging internal management systems to support these efforts. Through this integrated approach, we aim to align all supply chain partners in fulfilling corporate social responsibility.

To advance these responsibilities, Scientech incorporates ESG considerations into supplier evaluations using the following weighted criteria: Quality (40%), Delivery Performance (20%), Environmental Assessment (20%), and Operational Management (20%). This framework reinforces suppliers’ commitments to environmental ISO certifications, green labels, and compliance with environmental, safety, and health regulations. Suppliers rated at Grade C or below are required to undergo a supplier audit within three months or submit an improvement plan. During the procurement process, requesting departments are required to consider product life cycle impacts, prioritize the procurement of green raw materials, manage conflict minerals (3TG), and communicate environmental requirements to suppliers. Considerations also include transportation, delivery, use, end-of-life treatment, final disposal, and other information related to potential significant environmental impacts.

To comply with applicable laws, regulations, and Scientech’s site-specific occupational safety and health requirements, the company has established a Procurement Safety Assessment Guideline for the purchase of designated special items. For procurement cases within the defined scope, suppliers are required to provide relevant inspection certificates, safety and health plans, or explanatory documentation demonstrating compliance.

To further strengthen environmental protection and meet regulatory and product-related environmental requirements, Scientech has implemented an Environment-Related Substances Management Procedure. For raw materials subject to this procedure, suppliers must provide hazardous substance test reports, Environment-Related Substances Declarations, or Safety Data Sheets (SDS) to ensure reduced impacts on human health and the environment. Based on industry categories—including metal processing, plastic component processing, and wafer reclamation process materials—93 suppliers are required to sign the Environment-Related Substances Declaration.

In order to prevent occupational incidents and to safeguard the safety, health, and environmental hygiene of employees and contractors, Scientech has established a Contractor Safety and Health Management Guideline. Contractors are required to perform work in accordance with these requirements to ensure safe operations, protect worker health and safety, and prevent environmental pollution.

Scientech supports the Responsible Business Alliance (RBA) initiative on Responsible Minerals Sourcing and requires suppliers to procure conflict-free raw materials. All supply chain partners are expected to comply with the following principles:

• Comply with applicable regional and international regulations related to conflict minerals.
• Adhere to Scientech’s conflict-free minerals procurement policy, establish relevant internal policies, and communicate these requirements to upstream and downstream suppliers.
• Follow industry standards for conflict minerals sourcing and reporting.
• Provide formal assurances confirming the use of conflict-free minerals.

1. Vendors shall comply with Scientech’s information security policies, standards, and confidentiality requirements, as well as all applicable information security management regulations. Scientech reserves the right to conduct audits of vendors’ information security practices.
2. All software, hardware, and documentation delivered by vendors shall be inspected to ensure they do not contain malicious code (such as viruses, worms, Trojan horses, or spyware) or covert channels. Prior to deployment in the production environment, vendors must remove all test data, test accounts, and administrative test data and accounts.
3. All software and hardware delivered by vendors, or used in the provision of services, must be properly licensed. The delivery or use of unauthorized software or hardware is strictly prohibited.
4. Upon completion or termination of a contract, vendors shall delete, destroy, or return all Scientech-related data obtained or held during the performance of services, in accordance with Scientech’s instructions, and retain relevant execution records.
5. For software or system development services, vendors shall implement version management for all releases and provide access controls and access log retention in compliance with information security management requirements.
6. In the event of an information security incident during service delivery, vendors must immediately notify Scientech, implement emergency response measures, and cooperate fully with subsequent handling and remediation.
7. Vendors shall rigorously implement Configuration Management to ensure system integrity and consistency, meeting Scientech’s requirements for system quality and information security.
8. Any violation of the above information security responsibilities by vendors, including vendor personnel providing services to Scientech, shall constitute a breach of contract. Vendors shall be liable for damages incurred by Scientech and for any harm caused to third parties.