Information Security Policy

In order to ensure the confidentiality and integrity of the Company's data, information, equipment, personnel, network and other important information assets, and taking into account the Company's business needs, the Company has formulated the "Information Security Policy". All employees of the Company and all vendors and visitors who have business dealings with the Company should comply with this policy.  

Information Security Risk Management Framework

Information Security Objectives 

1. Ensure that the Company's information operations can be correct, complete and usable for continuous operation.  
2. To ensure the confidentiality of the Company's important information and to implement data access control, information must be approved by authorized personnel before it can be accessed and must not be exceeded. 

Information security controls

1. The Information Department confirms the effectiveness of our information security management operations.  
2. Establish a list of information assets, manage them in accordance with information security, and implement various control measures.
3. New employees are required to participate in information security education and training to enhance their awareness of information security protection, and the company regularly conducts information security awareness programs.
4. All employees, outsourced vendors and their partners, and visitors who use the Company's information for the purpose of providing information services or performing related information operations have the responsibility and obligation to protect the Company's information assets acquired or used by them from unauthorized access, alteration, destruction, or improper disclosure. The Company's information assets are protected against unauthorized access, alteration, destruction or improper disclosure. The Company's information assets are protected against unauthorized access, unauthorized alteration, destruction or improper disclosure.
5. To establish a secure and reliable information system environment for the sustainable operation of the Company's business. Critical information systems or equipment should be equipped with appropriate backup or monitoring mechanisms and rehearsed regularly to maintain their availability. Anti-virus software should be installed on Tongren's personal computers and the update of virus codes should be confirmed regularly, and the use of unauthorized software should be prohibited.  
6. Tongren individual holds the account number, password and authority should be good faith custody and use of responsibility and regular replacement.  
7. Design appropriate information security incident response and notification procedures to enable immediate response to information security incidents to prevent further harm.
8. All employees of the Company shall comply with the requirements of laws and regulations and information security policies. Supervisors shall supervise the implementation of the information security compliance system and strengthen employees' awareness of information security and legal concepts.