The company has established a strict information security management system, and built a network security management system led by senior management, dedicated personnel assume responsibility, and regularly managed by a specialized team. Multiple layers of defense have been implemented to maximize the protection of customer information.

The Company has established information security and cybersecurity management measures, and continuously enhances its security system by applying technologies such as data storage encryption, transmission encryption, data flow monitoring, and backup and recovery to safeguard data integrity and security. As reliance on information systems grows, availability risks have become increasingly significant. To address such risks, we have formulated a business continuity plan and developed systems covering network security domains, desktop security management, identity and access management, cloud security protection, and mobile security defense. These system provide authentication, protection, and monitoring support for critical business information systems to ensure business continuity and stability.

The Company continuously monitors the information security status, conducts regular vulnerability scanning and risk assessments and promptly handle threats through institutionalized procedures. Employees can report security incidents or suspicious activities through multiple convenient channels. Reported information is escalated step by step through predefined reporting channels, verified by technical specialists, and classified before being submitted to management.Incidents are handled accordance with corresponding level of cybersecurity security and information security contingency plans, ensure rapid resolution of risks and effective control of potential threats.

The Company conducts and internal audit of information technology management once a year, and commissions an external professional institution every three years to carry out a comprehensive audit covering data security and related areas of IT management.

The Company requires all employees to comply with its information security-related policies, and regularly organizes company-wide training for employees on information security awareness, information protection regulations, and operational procedures for information security, embedding the concept of information security into the entire organization.