Information Security Management Policy
In order to promote the implementation, effective operation, supervision and management of our Information Security Management System (ISMS), and to maintain the confidentiality, integrity and availability of our critical information systems, we promulgate the Information Security Management Policy. The purpose of this policy is to provide a clear guideline for all employees in their daily work, and all employees are obliged to actively participate in promoting the information security management policy to ensure the secure maintenance of data, information systems, equipment and networks for all employees of the Company, and to ensure that all employees understand, implement and maintain it in order to achieve the goal of continuous operation of the information system business process.
Risk Control
The Information Security Management System (ISMS) is implemented by all employees, and all measures related to IT operations should ensure the confidentiality, integrity, and availability of business information from risks such as leakage, destruction, or loss due to external threats or improper management by internal personnel, and to continuously implement risk management and control measures to enhance the Information Security Management System (ISMS) works.
Agile Response
To supervise all employees to implement information security management, establish the concept of "Information security is everyone's responsibility", and promote employees to understand the importance of information security, so as to improve information security management and emergency response capability, and reduce information security risks and the goal of continuous improvement.
Effective Prevention
To effectively correct the actual deficiencies in the operation of our Information Security Management System (ISMS) and prevent potential risks in order to prevent and reduce the occurrence of potential non-compliance and to achieve the goal of continuous improvement.
Sustainable Development
Formulate emergency response plans and disaster recovery plans for critical information assets and business-critical operations, and regularly conduct emergency response exercises to ensure rapid recovery in the event of information system failure or a major disaster, while ensuring the continuity of critical operations and minimizing losses to achieve business continuity objectives.