Corporate Governance

IT Security/Cyber Security Measures



In order to ensure the sustainability of the company's operations, our company has formulated information security, network security and system security policies, systems, procedures and corresponding training, which are applicable company-wide. The cybersecurity policy is formulated by the Risk Management Committee and submitted to the Board of Directors for approval.

 

1. Based on an analysis of the basic security protection status of our information systems, the company has adopted security mechanisms that address the main security threats faced by SITC's global real-time office software, and has deployed security equipment such as network firewalls, application firewalls, WAF, and security situation awareness to control border protection. We have developed IT security systems, management processes and inspection systems, including but not limited to IT infrastructure security, network security, server security, data security, terminal security, vulnerability management, patch management, password policy, and account permission management. The management process system includes the physical computer room safety management system, office environment safety management system, software project management process, EXCEL and other form control systems, IT hardware and service procurement management process, daily network maintenance management, security prevention and crisis response measures, client computer management regulations, website construction management process, technical security review rules, SITC International system background data maintenance process, etc.

2. We have established an IT security incident personnel team and developed response measures and recovery procedures.

3. In order to improve employees' information security awareness, we release information security cases to employees from time to time, provide all employees in the company with guidance procedures and awareness training related to network security, and formulate security measures for computer use. Information security/cybersecurity is also part of employee performance evaluations, including disciplinary action.

4. We have implemented IT and cybersecurity policies and procedures for all employees to ensure they understand threat issues and the importance of information security/cybersecurity, and provide a clear escalation response process that employees can follow if they discover something suspicious. We have formulated response measures to climate change risks, established disaster preparedness and prevention system processes, and conducted data recovery test drills at least once a year.

5. We ensure that the geographical location of the data center has abundant network resources, a concentration of IT talent, an airport within an hour's reach, and a historically low probability of earthquakes, floods, typhoons, etc. In terms of the physical environment, it is equipped with electronic access control security measures, as well as lightning protection, fire protection, waterproofing, anti-static protection, temperature control, UPS and other infrastructure to ensure the operating environment required by the system. In terms of secure computing environments and communication networks, security equipment and application systems are remotely managed through the HTTPS protocol. The system is divided into different network areas, and network address resources are reasonably allocated according to network areas and purposes. Deploying firewalls at the Internet border for effective isolation can ensure the integrity and confidentiality of data communications.

6. At least once a year, we have IT security inspected by external professional organizations, and security reinforcement and optimization are carried out based on the inspection results. The inspection content mainly includes system vulnerability scanning, Web vulnerability scanning, and Web penetration testing.

7. We have formulated the "Information Technology Security Inspection Procedures" and "User Account Management Process" systems and conduct regular inspections.

8. We will continue to pay attention to developments in information security/network security and continuously improve our systems and measures to ensure the company's information security and network security.