ESG

Information Security Policy


Information Security Risk Framework


Information Security Policy

  • In order to strengthen information security management and establish a safe and reliable operating environment, to protect the rights and interests of employees, shareholders, manufacturers and customers, this policy is formulated as the basis for the implementation of various information security measures.
  • Scope of application  : This policy is applicable to all employees, contracted personnel, consultants, vendors and other business entities of the company.
  • Policies:
  1. All operations shall be carried out in accordance with the various decrees issued by the competent authorities and the relevant regulations of the company. 
  2. Job assignment should take into account the division of functions and the scope of responsibilities should be distinguished in order to avoid unauthorized modification or misuse of the information. 
  3. Sign confidentiality contracts with third parties, vendors, consultants or customers if necessary depending on the nature of the business. 
  4. Conduct information security training for all employees to improve the company’s information security level. 
  5. All employees are obligated to protect the confidential and sensitive information of the company, and it is prohibited to access, use or disclose the information without authorization. 
  6. In order to prevent computer viruses and malware, the use of unauthorized software is prohibited. 
  7. Antivirus software and firewall should be installed and continuously updated to prevent the computers from being attacked by computer viruses and malware. 
  8. A complete backup mechanism should be established for important information, and a redundancy mechanism should be established for important systems. 
  9. The business continuity operation plan should be formulated according to the business needs and exercise regularly to ensure the applicability. 
  10. Employees who violate information security regulations should be punished in accordance with relevant internal regulations of the company.

Management Measures

Item Measure
Network Security Management
  • Build up an enterprise-level firewall to block external attacks and intrusions
  • Set up firewall policies to prevent people from visiting malicious websites
System Access Control
  • Create individual account and password for the users of all the systems , and the password should comply with security principles and be changed regularly
  • Set up different permissions for users with different position
PCs & Servers Security Management
  • Set up an automatic update system that automatically send updates to PCs and servers
  • Install and continuously updated anti-virus software on PCs and Servers
  • Prohibit using USB storage devices unless permitted application
Mail Security
  • Build up an anti-spam system
  • Install multiple anti-virus software on the mail system
Backup Management
  • Back up important databases daily
  • Back up important files daily
System Availability
  • Establish a high availability mechanism for important systems
  • Back up application programs daily