ANXO

The company's information security policies and goals are approved by the general manager and assigned to the top manager of the company's Information Department as the dedicated information security manager. He is responsible for planning, executing, coordinating and promoting information security management matters, and assigning appropriate personnel to serve as the dedicated information security manager.
The information unit is responsible for planning, executing and promoting information security management matters, maintaining the security of data files, various computer equipment and network communications, promoting the concept of information security, and regularly reporting information security management operations to Board of Directors.

Information Security Policy

To maintain the confidentiality, integrity and availability of the company's assets and to protect the security of user data privacy. Through the joint efforts of all colleagues in the company, we can achieve the following goals:

Protect the information security of the company's R&D, business and production, etc., and ensure that only authorized personnel can access the information to ensure its confidentiality.
Protect the information security of the company's R&D, business and production, etc., and avoid unauthorized modifications to ensure its accuracy and completeness.
Ensure that the execution of the company’s various businesses complies with the requirements of relevant laws and regulations.

Specific management measures for information security

File security maintenance management
Databases, system files, shared folders, etc. are regularly backed up. Sensitive data are kept by personnel designated by the responsible person in charge. Backup files are not allowed to be taken out without the consent of the information manager.
Equipment security control management
All computer equipment is managed and properly insured, and access to the computer room is controlled by controls, inspections, and abnormal contingency measures.
Internet Management
Each unit determines the degree of network openness based on its different responsibilities. Remote logins should be properly approved, and login records should be reviewed regularly to track abnormal situations.
Email security management
Personnel changes are managed in real time, and personal email usage guidelines are promoted from time to time. Relevant emails are automatically sealed and saved, and cannot be accessed at will without the approval of the highest authority manager.
Virus prevention management
Anti-virus software is installed on server hosts and personal computer equipment and is set to be automatically updated regularly. Information security promotions are conducted through information security events from time to time to enhance personal awareness and response to malicious programs.
Firewall control management
All core information systems and personal computers for external services are controlled through firewalls. Firewall policies are formulated to target adverse network factors, and access control or restricted browsing (blacklisting), intrusion prevention mechanism (IPS), and advanced persistent threat (APT) attack defense measures of websites or specific network locations that may cause harm.
Management of information system account control
Account changes must be approved by the responsible and information supervisor, and joint use is strictly prohibited. Password setting principles must be formulated and passwords must be changed regularly to prevent others from misappropriating them.