Information Security Policy
1. Information security is the common responsibility of all employees in the company. Employees at all levels must fully
understand and carry out their own responsibilities.
2. To maintain the security of the company's information assets as a whole, the establishment of information security goals,
awareness and action criteria must take the following into consideration:
2.1 Establish a complete information security organization;
2.2 Asset management;
2.3 Ensure the safety of human resources;
2.4 Ensure the safety management of entities and environments;
2.5 Ensure the safety of communication and operation management;
2.6 Ensure the establishment of a secure access control management mechanism;
2.7 Ensure the security of information system acquisition, development and maintenance management;
2.8 Ensure the proper handling of information security incidents;
2.9 Ensure the continuous management of business operations;
2.10 Ensure cryptography is implemented securely;
2.11 Ensure the safe operation of information facilities;
2.12 Ensure information security management of suppliers;
2.13 Ensure the compliance and review of information security regulations;
2.14 Fulfill the commitment to meet applicable requirements related to information security.
3. The establishment and maintenance of the information security management system is based entirely on the requirements of
laws and regulations and on contractual security responsibilities, and is integrated with the company's enterprise risk
management context.
4. To effectively manage and control information security risks, it is necessary to establish and implement risk assessment
and operation management procedures, including risk assessment methods, information security legal and regulatory requirements,
risk acceptance standards, and risk acceptability.
5. Formulate an operation continuity plan for information security and put it into practice to ensure the continuous operation
of the information business.
6. Clearly regulate usage rights for information systems and network services to prevent unauthorized access.
7. Establish physical and environmental safety protection measures for the computer room, and perform relevant maintenance on
a regular basis.
8. Implement information security education and training, and publicize information security policies and related implementation
regulations.
9. Establish a management mechanism for information hardware facilities and software to coordinate allocation and effectively
use resources.
10. New information systems should incorporate information security considerations before construction to prevent situations
that endanger system security.
11. The information security policy should be evaluated regularly to reflect the latest status of information security management,
laws, technology and the company's business, and to ensure the feasibility and effectiveness of the company's information
security practices.
12. Ensure information security measures for mobile devices and remote use to manage the risks caused by the use of mobile devices,
including protection of information accessed, processed or stored in remote workplaces.
13. Provide the basis and direction for setting information security goals.