Information security related education and training courses are organized annually to enhance staff information security knowledge and awareness and reduce the risk of damage to the confidentiality, integrity and availability of information assets.
Regularly publicize information security related laws and regulations, the company's information security policy and related operation management procedures, personal data protection awareness and trade secret protection, etc., in order to strengthen personnel's compliance with laws and regulations.
Avoid data leakage
Personnel who have left (suspended) shall be dealt with in accordance with the company's procedures for leaving (suspended), and all rights of information resources shall be cancelled.
Strengthen and audit the accounts and permissions of each system user annually.
Supplier safety control, strengthen confidential affidavit and information security agreements.
Ensure that services are available
Firewall controls external and internal network data transmission and resource access, and strictly monitor identity.
To strengthen the safety of physical environment, power, network and communication equipment are protected and maintained regularly, temperature and humidity are monitored, to ensure that the operating environment of the information and communication equipment meets the standard requirements, and the safety maintenance of equipment in the physical environment has been achieved.
Entering and leaving the physical environment shall comply with relevant equipment management regulations. Personnel without authority shall be accompanied by personnel with authority when entering the physical environment to fulfill business requirements.