Information Security Management
Information Security Risk Management Framework |
|
Information Security Policy |
In order to enhance the security and stable operation of the company’s information and communication operations, provide secured information and communication services, and ensure the confidentiality, integrity and availability of information assets, the information security policy has been formulated as the highest guideline for the company’s information and communication security management.
All employees in the company have obligations and responsibilities to comply with information security rules and regulations, maintain company information security, ensure the safe maintenance of company data, information systems, equipment and networks, and avoid the threat of accidents caused by all kinds of improper use, leakage, tampering, theft, and destruction, to reduce related risks. |
Specific Management Plan |
The company has not yet been insured under information security protection plan, but has established information security policies and other related operating standards, including physical and environmental security, network and computer security, system access control, sustainable operation of the system, information security promotion and education training, etc. which have all been carried out in accordance with the operating specifications. In 2020, we also reviewed the company’s information environment through external consultants, and reported to the Board on the information security risk assessment on December 21, 2020, in an effort to further improve information security operations and ensure the company’s business continuity. Our dedicated cybersecurity unit consists of one cybersecurity manager and one cybersecurity personnel. We hold regular monthly meetings to review cybersecurity policies and implementation details. |