Information Security Policy

In order to maintain the smooth operation of information systems, information services and network status, reduce risks such as human negligence, intentional or natural disasters, and prevent unauthorized access, use, control, leakage, destruction, tampering, destruction or other infringements , ensure the confidentiality (Confidentiality), integrity (Integrity) and availability (Availability) of information assets, and formulate specific information security policies.

Management regulations

Management regulations formulate various information security management regulations and handle them with reference to government laws and regulations (such as the Information Security Management Law and related sub-laws, etc.). Pay attention to the development situation of information security, identify changes in internal and external issues and the interaction between the needs and expectations of concerned parties, analyze risks, formulate countermeasures and take measures to reduce their impact on operations. Establish an information security organizational system and assign duties, powers and responsibilities to promote protection work and fulfill management responsibilities. Implement information security education and training to ensure employees understand information security responsibilities to enhance protection awareness. Regularly inventory information assets, use risk assessment mechanisms, and effectively manage and control impact projects. Strengthen physical and equipment protection, perform regular care and maintenance, and maintain normal operations. Establish network transmission rules to protect sensitive documented information from unauthorized access and tampering. Implement information security audits, examine and discover problems, propose countermeasures and take corrective measures. Through emergency response plans and regular drills, we can prepare for emergencies and quickly resume operations. Outsourced manufacturers and personnel should sign a confidentiality agreement in accordance with the contract before they can perform information-related operations. Information security policies should be evaluated regularly to reflect the latest status of information security management, laws, technology and operations, and to ensure the feasibility and effectiveness of information security practices.