Information Security

Information Security

Information Security Policy and Vision

1.Enhance employee awareness.

2.Prevent information leaks.

3.Implement routine O&M.

4.Ensure service availability

Information Security Objectives

1.Organize information security training to increase employees’ information security awareness and strengthen their knowledge of related responsibilities.

2.Protect information on the Company’s business activities from unauthorized access and modification to ensure its accuracy and integrity.

3.Conduct regular internal and external audits to ensure that all required operations are implemented.

4.Maintain a high level of system availability for the Company’s critical core systems.

Structure and Responsibilities of the Information Security Committee

Information Security Committee

Executive Secretary

Information Security Execution Team

Emergency Response Team

Information Security Audit Team

Specific Information Management Measures

The Company established the Information Security Committee in April 2018 to enhance information security management. The Committee is responsible for reviewing the information security governance policies of the Company and its subsidiaries and overseeing information security management. We also hold regular ISMS management review meetings to review information security and governance-related issues and make continuous improvements to ensure the formulation and applicability of information security policies.
The Chief Information Officer of the Company is responsible for the governance, planning, supervision, and implementation of information security operations to construct comprehensive information security defense capabilities and information security awareness of employees.

Our information security strategy focuses on information security governance, legal compliance, and the use of technologies, from systems to technology and from personnel to organization to improve comprehensive capabilities in information security.

In view of emerging threats in information security such as DDoS (Distributed Denial of Service) attacks, ransomware, social engineering attacks, and counterfeit websites, the Company regularly pays attention to information security issues and plans response strategies. We organize exercises for different information security scenarios to strengthen the response of our employees so that we can detect and block attacks immediately. We also organize regular information security audits (Communication and Operation Management System) such as vulnerability scanning or penetration tests to make sure that the information system and network environment meet safe implementation standards.
As information security insurance is a new type of insurance policy and involves issues such as the information security rating and inspection institutions, claim forensic institutions, and conditions under which claims are not provided, the Company is currently considering whether the purchase of information security insurance is necessary. Our future goals are to complete information security regulations, conduct regular information security assessments, and obtain international information security certifications. We will continue to strengthen information security protection and establish joint defense mechanisms, especially in the training of talented information security personnel. The Company will regularly announce information security policies and organize arrange information security training every year.
Scroll to Top