Information security risk management policy

Information security risk management policy

The Company has adopted the information security policy and established a set of comprehensive information security measures and management procedures for its information system. Although the Company has built the above policy, it is impossible to completely avoid illegal invasions into and damages to the Company’s information system by third parties. However, the Company will continue to review and evaluate, and strengthen security measures and procedures to ensure its competency and effectiveness and mitigate risk.

  1. Information security risk management framework

    The responsible department of the company's information security is the IT department, which has an IT manager and a numbers of IT personnel , who are responsible for formulating the company's information security policy, planning information security operations, and promoting and implementing information security policies. The audit office will conduct regular inspections every year. If any defects are found in the inspection, the inspected unit will be immediately requested to propose improvement measures, and the improvement results will be tracked regularly to reduce internal information security risks.

  2. Information security policy

    In order to maintain the normal operation of the company's information system, strengthen the security management of information communication, ensure the availability, integrity and confidentiality of information, and avoid internal and external intentional or accidental threats. The company's information security management mechanism includes the following:

    1. System specification: formulate the company's information security management system to standardize the operation behavior of personnel.

    2. Organizational management system: establish the company's information security work management system, establish the responsibilities of the security management organization, make overall planning and expert decision-making to promote the development of information security work.

    3. System protection: Set up information security management equipment and tools, and implement information security management measures.

    4. Personnel training: regularly conduct information security education and training to improve the information security knowledge and professional skills of the company's colleagues.

  3. Specific management plan

    Regularly review internal information security regulations, coordinate, manage and supervise all information security businesses of the group, regularly conduct relevant information security inspections such as protection system effectiveness checks and social engineering drills, and continue to provide relevant information security publicity to employees. Through the implementation of information security policies and operating procedures, a sufficient information security environment can be provided to ensure the normal operation of the company's various services.
     

  4. Resources in information security management

    Build an information security monitoring system and perform system vulnerability scans to prevent hackers from invading and stealing confidential company information. Desktop computers, notebook computers, etc. management to implement the protection of personal data of employees, confidential company data, customers and suppliers, etc.