Information security policy prospect: Increase the personnel acknowledgement. Avoid information security incident、Implement on daily operations、Ensure the service availability
- Hold training sessions for information security and educate employees on information security and corresponding responsibilities.
- Protect Carux operational information and avoid unauthorized access and modifications to guarantee information integrity.
- Audit internally on a regular basis to ensure all relevant operations implemented.
- Ensure the major core system of Carux maintains the system availability with certain standards.
Information security management framework
Security department conduct and implement the company information security policy, publicize information security information, enhance the staff's knowledge of information security, and regularly report information security results to the chief information security officer, general manager and chairman of the board. Check the effectiveness of internal control of company information, and setup a framework for "proactive information security and prevention" in order to ensure the confidentiality, integrity and availability of information. Reduce the risk of unauthorized use, breach or disclosure of information.
Information security response
- Information security governance:
Import the ISO27001 information management system, implement information security policy management, data security rules and regulations control, and continue to make changes to protect the company's important systems and data security.
- Risk improvement:
Regularly perform information security audit operations, ensure that information is safely implemented, introduce external information security solutions, and improve internal information maintenance procedures.
- Risk control:
The insurance policy can protect the company from all kinds of losses and damages to the minimum.
- Information Security promotion:
Promote Carux information security month activities and regularly conduct information security education training and drills to enhance employees' information security awareness.