Information Security Management
Information Security Management Policy:
All employees of the company shall strictly adhere to the requirements of the ISO/IEC 27001 standard to establish, implement, maintain, and improve the company's information security management system. Continuous enhancement of information security awareness, standardized management of the information lifecycle processes, ongoing identification and control of information security risks, and ensuring the security of all company information are imperative. The company will continuously increase investments in information equipment, enhance information technology capabilities, and provide efficient, convenient, and secure services for business operations, ensuring the reliable and sustained operation of the overall business system.
Information Security Objectives:
a. Zero incidents of leakage of important information of the company and its clients;
b. Zero complaints from clients regarding information security;
c. No major information security incidents occurring throughout the year;
d. 100% coverage of annual information security training for personnel;
e. Data collection, provision, statistics, and analysis.
The number of information leakage incidents will be reported by each department to the leader of the information security working group, who will compile the statistics; the system and key network equipment downtime rates will be collected and compiled by the network management team of the Product Technology Center.
For any unmet information security objectives, the relevant departments must conduct a root cause analysis and propose solutions. For objectives that are continuously unmet, the information security working group will issue a "Corrective and Preventive Action Tracking Record" to the relevant departments for further action.
All employees of the company shall strictly adhere to the requirements of the ISO/IEC 27001 standard to establish, implement, maintain, and improve the company's information security management system. Continuous enhancement of information security awareness, standardized management of the information lifecycle processes, ongoing identification and control of information security risks, and ensuring the security of all company information are imperative. The company will continuously increase investments in information equipment, enhance information technology capabilities, and provide efficient, convenient, and secure services for business operations, ensuring the reliable and sustained operation of the overall business system.
Information Security Objectives:
a. Zero incidents of leakage of important information of the company and its clients;
b. Zero complaints from clients regarding information security;
c. No major information security incidents occurring throughout the year;
d. 100% coverage of annual information security training for personnel;
e. Data collection, provision, statistics, and analysis.
The number of information leakage incidents will be reported by each department to the leader of the information security working group, who will compile the statistics; the system and key network equipment downtime rates will be collected and compiled by the network management team of the Product Technology Center.
For any unmet information security objectives, the relevant departments must conduct a root cause analysis and propose solutions. For objectives that are continuously unmet, the information security working group will issue a "Corrective and Preventive Action Tracking Record" to the relevant departments for further action.
