Information security object and scope
Target: Employees, customers, suppliers and shareholders, as well as operations-related information software and hardware equipment.
Scope: To ensure the company’s information security, the company formulates relevant rules and regulations, applies technology and data security standards, and incorporates them into its management and operation system, so that privacy protection and information security are maintained when employees, suppliers and customers conduct business contacts.
Information Security Risk Management Framework
- The information security department is the unit responsible for information security at SpeedTech Technology Co., Ltd. (hereinafter referred to as the company). The department has an information supervisor and several professional information personnel who are responsible for formulating internal information security policies, planning and implementing information security operations, and promoting and implementing information security policies.
- The audit office of the company is the supervisory unit for information security. This office has a supervisor in charge of supervising the implementation of internal information security. If any defects are found during inspection, the inspected unit is immediately required to propose relevant improvement plans and specific actions, and the effectiveness of the improvements is tracked regularly to reduce internal information security risks.
- The organization’s operating mode adopts regular audits and circular management to ensure the achievement of reliability targets and continuous improvement.
Information security policy and specific management plan
The company’s information security management mechanism includes the following three aspects:
- System specification: formulate the company’s information security management system and standardize personnel operations.
- Technology application: build information security management equipment and implement information security management measures.
- Personnel training: Carry out information security education and training to enhance the awareness of information security of all colleagues.
The management measures are described as follows:
- System specification: The company sets internal information security policies and information security operating procedures to regulate the information security behavior of the company’s personnel. It regularly reviews whether the relevant systems comply with changes in the operating environment and adjusts them as needed. It also regularly performs internal audits to strengthen the company’s information security operation management.
- Technology application: In order to prevent various external information security threats, the company has built various information security protection systems to enhance the security of the overall information environment.
- Personnel training: The company holds information security education and training courses and information security opportunities for personnel on an irregular basis, to promote the information security knowledge and professional skills of the company’s colleagues.
Implementation of information security promotion in year 110:
Information security education and training is conducted quarterly this year, with a one-day “Phishing and denial-of-access attack prevention basic education” course and a one-hour “Information Security Management and Application” course; about 400 employees company-wide participated.
The information security management measures implemented by the company include the following:
| Item | Description | Management measures |
|---|---|---|
| Authority management | Personnel account, authority management, system operation | Personnel account authority management and review |
| | | Regular inventory of personnel account permissions |
| Access control | Personnel access to internal and external systems, data transmission pipeline security measures | Internal/external access control |
| | | Data leakage control |
| | | Operational behavior track record |
| External threat | Potential weaknesses of the internal system, anti-virus and anti-hacking protection measures | Host computer weakness detection and update measures |
| | | Anti-virus and anti-hacking, junk and malware detection |
| System availability | System availability status and handling measures when service is interrupted | System/network availability status monitoring and notification mechanism |
| | | Contingency measures for service interruption |
| | | Data backup and system backup mechanism |
| | | Regular disaster recovery drills |