Informational Security
In AirTAC, we take information security management very seriously. We have established information security control standards targeting computer viruses, cyber-attacks, data breach, legal compliance, and risk control. Information instrument and analysis framework systems have been introduced to effectively ensure customers’ information security while protecting their privacy. AirTAC performs an information security audit regularly in order to effectively prevent information security risks caused by human error. Related information security education and training is regularly carried out at the same time to ensure that employees understand applicable principles regarding information security control.
From 2020 to 2021, the use of modular room count has completed the new support room and the main room upgrade project. The system data security and hardware environment of several centers of the company have been improved, and the comprehensive energy consumption of the room has been greatly reduced, which is in line with the development direction of green carbon reduction, while the new next generation firewall equipment detects and filters network traffic and enhances the protection against network threats.
Information security risk management framework
The IT department is an independent department that is not subordinate to the user department. It is responsible for planning and implementing security policies, promoting data security, improving employees' awareness of data security, and collecting and improving the technology, or procedures related to the effectiveness of information. Implement network security, data security, internet data center, mail security control, information system access control, and other management matters. The audit department conducts an annual data security audit on the internal control system - information operation cycle to evaluate the effectiveness of the company's internal control over information operation.
Information security policy and specific management plan
|
Network
control |
Information security authorization education and training |
Data
access |
Control mechanism |
|
l Deployment of network gateway firewalls for internal and external control of data transmission
l Authorization control of terminal unified account
l Centralized strategy implementation of corporate antivirus software |
l Information Department is the authorization unit
l Control according to procedures on network access data reading
l Control authorization according to procedures for personnel leaving or reassigning work
l Proactive promotion of information security knowledge and regular inspection |
l Implement authorization management according to different groups of departmental personnel
l Control the addition and change of authority of each application service system according to the procedures of the information system cycle process |
l Formulate information security incident response measures
l Regular practice of system data recovery to verify its availability
l We highly value systematic data backup mechanisms to ensure disaster recovery capability |
Implementation
Airtac has no business damage caused by major data security incidents.
Continuously implement data security management policy, and regularly implement recovery plan drills to protect the security of important systems and data of the company.