ESG
Information Security Policy
Information Security Risk Framework
Information Security Policy
- In order to strengthen information security management and establish a safe and reliable operating environment, to protect the rights and interests of employees, shareholders, manufacturers and customers, this policy is formulated as the basis for the implementation of various information security measures.
- Scope of application : This policy is applicable to all employees, contracted personnel, consultants, vendors and other business entities of the company.
- Policies:
- All operations shall be carried out in accordance with the various decrees issued by the competent authorities and the relevant regulations of the company.
- Job assignment should take into account the division of functions and the scope of responsibilities should be distinguished in order to avoid unauthorized modification or misuse of the information.
- Sign confidentiality contracts with third parties, vendors, consultants or customers if necessary depending on the nature of the business.
- Conduct information security training for all employees to improve the company’s information security level.
- All employees are obligated to protect the confidential and sensitive information of the company, and it is prohibited to access, use or disclose the information without authorization.
- In order to prevent computer viruses and malware, the use of unauthorized software is prohibited.
- Antivirus software and firewall should be installed and continuously updated to prevent the computers from being attacked by computer viruses and malware.
- A complete backup mechanism should be established for important information, and a redundancy mechanism should be established for important systems.
- The business continuity operation plan should be formulated according to the business needs and exercise regularly to ensure the applicability.
- Employees who violate information security regulations should be punished in accordance with relevant internal regulations of the company.
Management Measures
Item | Measure |
Network Security Management |
|
System Access Control |
|
PCs & Servers Security Management |
|
Mail Security |
|
Backup Management |
|
System Availability |
|