Certain Micro
ESG
Information Security Policy
Information Security Management Principles
(Document No.: CISP-A-001, Version 1.0)
1. Important information assets shall be regularly inventory, classified and graded, and risk assessments shall be conducted, and appropriate protective measures shall be implemented accordingly.
2. Access rights to important information assets shall be distinguished, taking into account the relevant permissions granted by personnel in their positions, and may be obtained when necessary Adopt Implement a dense identity authentication mechanism to enhance the security of information assets.
3. Comprehensive reporting and response measures for information security incidents are required to ensure the continuous operation of information systems and businesses.
4. An operational continuity plan should be established and regular drills should be conducted to ensure important systems and operations information security incidents If it occurs, it can resume operations within the scheduled time
5. elevant personnel shall receive information security education, training and publicity in accordance with regulations to strengthen information security awareness.
6. Regularly conduct information security audits to review access rights and the implementation of information security management systems.
7. The use of email is limited to work-related business dealings, and shall not be used for private communication purposes, and shall not disseminate inappropriate, discriminatory, defamatory, pornographic, violent or illegal information, such as confidential or sensitive information Adopt Encrypted or privileged.
Violations of this policy and information security related regulations will be handled in accordance with relevant laws and regulations.
Please refer to our company information and the attached electronic document for details.
Information Security Management Principles
