Information Security Management Policy & objectives

In order to reduce the loss caused by information system interruption, data loss and sensitive information disclosure to the company and customers, the company has established an information security management system, formulated information security policies and determined information security objectives.

Information Securtiy Management Policy

Risk Control: Through the implementation of information security risk assessment and security inspection in the company, constantly improve information security service capabilities, reduce customer security concerns, control risks;
Data Security: Through the implementation of various security measures, the risk is effectively controlled to ensure the safety of the company's production and application data, and the interests are not damaged;
Active Prevention: Information security work to take various proactive preventive measures, establish information security and operational risk prevention and control system, enhance the safety awareness of all staff, improve the emergency mechanism, strengthen internal security inspection, so that problems can be prevented before they occur;
Continuous Improvement: The continuous improvement of information security management according to PDCA model ensures that the company's information system is always fully protected in the process of dynamic change.

In order to ensure the confidentiality, integrity and availability of various information assets, information security management is effectively implemented, risks are actively prevented, and control measures are improved:

• 1) Each organization shall establish a complete information security management organization, determine the information security policy, security objectives and control measures, and define the management responsibilities of information security;
• 2) Identify and meet information security requirements of applicable laws, regulations and relevant parties such as customers;
• 3) Regular information security risk assessment, ISMS review, corrective and preventive measures should be taken to ensure the continuous effectiveness of the system;
• 4) The use of advanced and effective facilities and technologies to process, transmit, store and protect all types of information;
• 5) Carry out continuous information security education and training for all employees, and continuously enhance their information security awareness and ability.
• 6) Develop and maintain a perfect business continuity plan to achieve sustainable development.
• 7) The applicability and adequacy of the basic policy shall be reviewed regularly in light of the actual situation and revised when necessary.

The information security objectives are as follows

Update of information security policy objectives
In order to ensure that the information security policy and objectives are in line with the company's strategic objectives, the management shall review the information security policy and objectives at the management review meeting every year, and the Information Security Department shall update the policy and objectives according to the results of the review and communicate them to the relevant personnel through meetings or telephone calls.

The realization of information security objectives
In order to ensure the realization of safety objectives, risk assessment should be carried out first, according to the results of risk assessment and the requirements of ISO27001:2022 standard to establish system procedure documents, and design the corresponding template form;
All employees shall not deliberately violate the system and regulations related to information security, and strictly follow the relevant regulations;
The information security project team is responsible for measuring and evaluating the information security objective after the annual internal audit and before the management review, recording it in the management system effectiveness measurement scale, and reporting the achievement of the annual information security objective to the management during the management review meeting.