1. Cyber security risk management framework
According to the evaluation conducted by the Company’s responsible department, cyber security risk is not a major operational risk to the Company’s operations. However, given that the network environment is becoming increasingly complicated over time, thereby increasing cyber security risk, the Company has established a cyber security management structure and authorized the responsible department to formulate and implement the cyber security management plan. With the assistance of the audit department, the responsible department is responsible for monitoring operations such as internal audit of management systems, cyber security prevention, and crisis management, and continuously improves internal abnormality detection and prevention measures to reduce the Company’s risk.
2. Cyber security policies
(1) Perform regular education and training to enhance employees’ awareness of cyber security.
(2) Regularly overhaul important equipment and perform disaster recovery drills to ensure the continuous operation of the Company’s business.
(3) Regularly review the system log records, evaluate the potential security risks of related equipment, and carry out rectification and improvement plans.
3. Concrete cyber security management programs, and investments in resources for cyber security management
Because cyber security insurance is a relatively new type of insurance and no such insurance is currently suitable for the Company, the Company’s existing cyber security procedures are adopted for cyber security risk management.
Concrete measures taken are as follows:
(1) Network security management: Configure enterprise-grade firewalls and related equipment to block illegal and malicious connections.
(2) System access control: The use of any application in the Company’s internal system must go through an internal approval process; access permission is opened only with the consent of supervisors and is limited to the application requested by the applicant. All account passwords must meet a certain strength rule to be approved.
(3) Implement cyber security training: All new recruits are required to attend education courses related to cyber security management and implement the training contents in their daily work.
(4) Virus protection and management: All servers and computer systems are constantly updated and have antivirus software installed with auto-update enabled, to ensure that the systems are free from malicious software.
(5) System availability: Establish a backup process and regularly back up relevant data.
(6) Security management for computer equipment: All mainframes, servers and hosting equipment are set up in an equipment room, and access control is implemented. All access records are kept for review. The equipment room is equipped with an independent air-conditioning system and an uninterruptible power supply system, to keep the equipment running at a suitable temperature and ensure that the equipment continues to operate in the event of a power failure.