Cyber Security Management
Welcome to HRT Corp., Ltd. (hereinafter referred to as "this website"). To ensure your peace of mind when using the services and information on this website, we hereby explain our Privacy Policy to protect your rights. Please read the following carefully:

Purpose:
To maintain the confidentiality, integrity, and availability of Hengrui Technology Co., Ltd.'s (hereinafter referred to as "the Company") information assets, comply with relevant regulations, and protect user data privacy from intentional or accidental threats from internal or external sources.

Scope of Application:
This policy applies to all personnel of the Company, outsourced service providers, and visitors, and is also applicable to matters related to information and communication security management.

ICT security management aims to avoid potential risks and harm to the Company caused by human error, intentional acts, or natural disasters that result in improper use, leakage, alteration, or damage of data. In addition to the "Statement of Suitability," "Document Management Procedures," "ICT Security Audit Management Procedures," and "Corrective and Preventive Management Procedures," ICT security management follows these procedures for managing the matters listed:

1. ICT Security Policy Formulation and Evaluation (ICT Security Policy, ICT Security Objective Management Procedures, Organizational Overview Analysis Procedures).

2. ICT Security Organization (ICT Security Organization Management Procedures).

3. ICT Security Management and Training of Personnel (Human Resources Security Management Procedures).

4. Classification and Control of Important ICT Assets (Information Asset Management Procedures).

5. Data Security Control (Data Security Management Procedures).

6. Risk Identification and Control (ICT Security Risk Management Procedures).

7. Access Control Security (Access Control and Password Management Procedures).

8. Physical and Environmental Security (Physical and Environmental Security Management Procedures).

9. Operational Safety Management (Operational Safety Management Procedures).

10. Network Security Management (Network Security Management Procedure).

11. Security of Information System Acquisition, Development, and Maintenance (System Development and Maintenance Management Procedure).

12. Supplier Service Management (Supplier Relationship Management Procedure).

13. Response and Handling of ICT Security Incidents (ICT Security Threat Intelligence and Incident Management Procedure).

14. Business Continuity Management (Business Continuity Management Procedure).

15. Compliance with Relevant Laws and Regulations and Company Policies (Law Compliance Management Procedure).

Responsibilities and Authority:
To implement the company's ICT security policies, responsibilities and authority are divided as follows:

1. The company establishes an ICT Security Committee, with a member appointed by senior management as the Chief ICT Security Officer. This committee coordinates and manages the review and management of ICT security policies, plans, operations, and resource allocation.

2. The Information and Communications Security Committee establishes an Information and Communications Security Working Group, with a designated representative appointed by the Chief Information and Communications Security Officer. This group is responsible for developing and revising management procedures at all levels to meet the company's information and communications security needs, maintaining the effective operation of the company's information and communications security management system, and submitting a report on the results of information and communications security work to the Information and Communications Security Committee for management review at least once a year.

3. All units within the company must comply with the relevant information and communications security regulations established by the Information and Communications Security Working Group.

4. Company employees, system users outside the company's offices, and vendors undertaking the company's business must comply with the company's information and communications security policies and related management regulations.

5. Anyone who engages in any behavior that endangers information and communications security shall bear civil and criminal liability in accordance with the law and be subject to administrative penalties according to the company's relevant regulations.

Definitions:
1. Information and Communications Security: The realization and maintenance of the confidentiality, integrity, and availability of information and communications; it may also involve properties such as authentication, attributability, non-repudiation, and reliability.

2. Confidentiality: The characteristic that information cannot be obtained or disclosed by unauthorized individuals, entities, or procedures.

3. Availability: The characteristic that an authorized entity can access and use the information when needed.

4. Integrity: The characteristic of safeguarding the accuracy and completeness of assets.

5. Authenticity: The characteristic that ensures the identification of a specific subject or resource is that of its claimed owner.

6. Non-repudiation: The ability to prove an action or event that has occurred, making that action or event irrefutable in the future.

7. Attributability: The characteristic that ensures the actions of an entity can be uniquely traced back to that entity.

8. Reliability: The characteristic that ensures the consistency between expected behavior and results.

Operating Instructions:
This website's privacy policy will be revised as needed, and the revised terms will be published on the website.

1. Our company integrates the information and communication security objectives of all levels of departments to establish the following overall information and communication security policy objectives:
  • Protect the company's business activity information, prevent unauthorized access, and ensure confidentiality.
  • Protect the company's business activity information, prevent unauthorized modification, and ensure accuracy and integrity.
  • Establish a sustainable operation plan for information services to maintain the company's continuous operation and ensure availability.
  • The company's business operations comply with relevant regulations, ensuring regulatory compliance.

2. Review: This policy should be reviewed at least annually to comply with government regulations, reflect ICT development trends, and ensure the effectiveness of the company's ICT security management operations.

3. Implementation:

3.1. The ICT security policy should be reviewed annually in conjunction with the ICT Security Committee meetings, focusing on the policy and its implementation effectiveness.

3.2. The company should measure and review the performance of ICT security objectives annually using the "ICT Security Objectives Management Procedure (I-2-05)" and the "ICT Security Objectives Effectiveness Measurement Table (I-2-05-01)." The company should also annually review the effectiveness and appropriateness of the ICT security management system policies and objectives at every level, in every department, and overall.

3.3. The Company shall conduct an annual organizational landscape analysis using the "Organizational Landscape Identification Checklist (I-2-19-01)" in accordance with the "Organizational Landscape Analysis Procedure (I-2-19)". This analysis shall identify internal and external issues that may affect the organization's ability to achieve the expected results of the ICT security management system, and understand the needs and expectations of stakeholders.

3.4. The Company shall define and conduct an annual review of the "Applicability Statement (I-1-02)" for the ICT security management system. This review shall include examining the scope of application of the ICT security management system, the correctness and appropriateness of the inclusion or exclusion of ICT security control measures, and the rationale for such inclusion or exclusion.

3.5. This policy shall be implemented after being approved by the Company's "ICT Security Committee," and the same applies to revisions.