Data Protection and privacy

Information Security Risk Management Framework

  1. The Information Department is responsible for information security. The Department includes one Information Supervisor and several IT professionals who are responsible for formulating information security policies, implementing information security policies, and executing information security operations.
  2. The Audit Office is responsible for regularly supervising the state of internal information security. Any deficiencies found in information security shall require any investigative team to provide a specific plan for improvement and follow up on the efficiency of such improvements with the goal of mitigating risks to internal information security.
  3. Group operations shall adopt a curricular management style to ensure greater reliability and effective realization of information security.

Information Security Policy

ZIG SHENG seeks to quantify information security and management with the express goal of maintaining the confidentiality, integrity, and availability of company information. The company weighed the requirements of relevant laws and regulations; and asked the management team to provide appropriate information policies, along with regular information security training, to ensure an employee consensus on business activities classified as high risk.
"Threat Prevention" is a prerequisite that does not allow for any actions or behavior that compromises the security of company information. This helps to reduce any information security threats from inside or outside the company; and effectively prevents an information security breach to ensure proper information security management.

Specific Regulation Methods and Responsive Measures