Information security policy

<h4> <strong> Collection and Use of Personal Data </​​strong> </h4> <p> 1. According to the provisions of the Personal Data Protection Law and related laws, it will only be used for the services provided by the contractor for its specific purpose, and will not be arbitrarily disclosed to other third parties. </p> <p> 2. When using this website, this website will automatically collect the following information: date and time, web pages you have retrieved, your web address, the type of your browser, your actions (such as downloading) on ​​the web pages of this website, and success or failure. This information may be used to improve the performance of this website. </p> <p> 3. Monitor the behavior of the web sites that cause significant load on this site. </p> <h4> <strong> Responsibility and Education for Information Security </strong> </h4> <p> 1. Appropriate division of labor, decentralization of powers and responsibilities, establishment of evaluation and assessment systems, and establishment of mutual support systems for personnel, as necessary, for those who handle sensitive and confidential information and those who must be given system management authority due to work needs </p> <p> 2. For resigned (suspended, suspended) staff, follow the procedures for resigning (suspended, suspended), and immediately cancel all permissions to use various system resources. </p> <p> 3. Based on roles and functions, for different levels of personnel, according to the actual needs of information security education training and publicity, to promote employees to understand the importance of information security, various possible security risks, in order to improve employees' information security awareness and promote Comply with information security regulations. </p> <h4> <strong> Information security operations and protection </strong> </h4> <p> 1. Establish an operating procedure for handling information security incidents and give relevant personnel the necessary responsibilities in order to handle information security incidents quickly and effectively. </p> <p> 2. Establish a change management notification mechanism for information facilities and systems to prevent system security loopholes. </p> <p> 3. Prudently handle and protect personal information in accordance with the relevant provisions of the Computer Processing Personal Data Protection Act. </p> <p> 4. Establish system backup facilities and regularly perform necessary data, software backup and backup operations so that normal operations can be quickly resumed in the event of a disaster or failure of storage media. </p> <h4> <strong> Network Security Management </strong> </h4> <p> 1. Set up a firewall to control the data transmission and resource access of the external and internal networks at the outlets connected to the external network, and perform rigorous identification. </p> <p> 2. Confidential and sensitive information or documents are not stored in open information systems, and confidential documents are not transmitted by email. </p> <p> 3. Regularly check the internal network information security facilities and anti-virus, and update the virus code of the anti-virus system and various security measures. </p> <h4> <strong> System access control management </strong> </h4> <p> 1. According to the operating system and security management requirements, establish a password pass and change procedures and make records. </p> <p> 2. When logging in to each operating system, according to the system access permissions necessary for personnel at all levels to perform tasks, the information room system administrator sets the account and password that grants permissions and updates them regularly. </p> <hr>