To ensure the stable operation of the Company’s information systems, services, and network environments, we aim to reduce risks arising from human error, intentional sabotage, or natural disasters. Our goal is to prevent unauthorized access, leakage, tampering, or destruction, thereby ensuring the Confidentiality, Integrity, and Availability (CIA) of our information assets.

Core Principles

• Compliance and Risk Management Identify external laws and regulations, assess internal and external issues as well as stakeholder expectations, and formulate response measures through regular evaluations.
• Accountability and Culture Establish an Information Security Committee, implement the separation of duties, and foster a corporate culture where "Information Security is Everyone’s Responsibility."
• Full Lifecycle Protection Implement asset inventory and classification management, and strengthen the security maintenance of hardware, environments, and data throughout their entire lifecycle.
• Dynamic Access Control Define rigorous rules for network transmission and identity authentication to ensure that access to sensitive information adheres to the "Principle of Least Privilege."
• Supply Chain Security Outsourced vendors must comply with the Company’s information security policies and be subject to security supervision and periodic audits.
• Incident Response and Continuous Improvement Establish emergency response plans with regular drills. Ensure the resilience and effectiveness of the management system through audits and policy evaluations.