Information Security Risk Management Structure
ACBT has an independent information department, which is responsible for managing information security, regularly reviewing and evaluating information security protection measures, establishing backup mechanisms, reviewing processes, and improving or upgrading software and hardware equipment.
ACBT’s audit department audits the information cycle. If deficiencies are found during the audit, the audited department is required to propose an improvement plan, and the improvement results are tracked regularly to reduce information security risks.
Head of Information Technology
↓
Execution Department (Information Technology Department)
↓
Information Security Units
- Colleagues are obligated to protect the company's business information, including patents, processes, formulas and other intellectual property, and are prohibited from arbitrarily using, leaking, tampering with or destroying it.
- Employees are not allowed to use private or non-Company-owned computers, access equipment, or media (such as flash drives, soft drives, hard drives, recorders, magnetic disks, optical discs, and any other storage device or media) in the company without approval.
- All messages received, sent or stored by Company's computers or network equipment are deemed to be the property of the Company.
- It is prohibited to send company business-related information, work files, presentation materials, internal company communication documents and announcements via email to non-related departments and personnel, external personal mailboxes and non-Company business-related email accounts.
- It is absolutely prohibited to use the Company's network and computer resources to invade other people's systems, to engage in entertainment or personal investment and financial management, to spread pornographic pictures, music files or jokes, or to carry out other non-business-related activities.
- Colleagues have the responsibility to proactively protect company computer system data, maintain personal passwords and prevent the spread of computer viruses.
- Colleagues are not allowed to install or use any illegal or unauthorized programs on company computer equipment.
Information Security Management Plans
In order to strengthen overall information security, the company continues to carry out a number of information security enhancement projects and measures, including:
1. Network information security control:
(1) Equipped with firewall and next-generation anti-virus system
(2) Equipped with intelligent anti-hacking systems, such as network anti-intrusion IPS, Email anti-phishing, and endpoint device anomaly detection EDR
(3) Regularly check the network service system logs to track abnormal situations
(4) Use advanced encryption technologies (such as certificates or SSL, etc.) to enhance sensitive data transmission protection
(5) Regularly perform system vulnerability scans on the Company's information equipment and take corresponding strengthening measures.
2. Data protection and control
(1) Use multi-factor authentication technology (MFA) to strengthen identity authentication for accessing network resources
(2) Computer equipment should be registered and kept by designated personnel, who should be given appropriate access rights based on their duties
(3) Completely erase all data before scrapping information equipment
(4) Prepare key system data access logs to facilitate audit and tracking
(5) Implement USB blocking in key factory areas to prevent data leakage and protect the production line
3. Response and recovery mechanism
(1) Establish a system backup mechanism, implement dual and off-site backup protection
(2) Develop emergency response plans and conduct regular system recovery drills
4. Promotion and verification
(1) All new employees must sign an information security and confidentiality agreement
(2) Regularly conduct information security education, training and publicity operations to enhance employee security awareness
5. Password policy and account management
(1) The password policy for our company's accounts follows international standards, and passwords are changed regularly
(2) System accounts must be applied for before they can be activated; accounts are deactivated and deleted after employees stop working for the Company
(3) Use an information security monitoring solution with identity recognition to monitor brute-force cracking, logins and abnormal usage behavior
Invest resources in information security management
The company prepares a budget every year to continue strengthening and updating its information security equipment, so that its information security protection technology keeps pace with the times and supports the company's continued operations.