We consider information security to be essential. We drafted our information security basic policy in September 2013, and all our employees behave in accordance with its seven action guidelines.
We are particularly conscious of the following activities.
- Management based on the information security management system
- Management of information/sales and technical confidential information entrusted to us by our customers
- Supporting the Personal Information Protection Law
Information Security Basic Policy
This policy applies to the SMIC Group.
The SMIC Group places information in the number four spot of assets so that all our stakeholders maintain a "secure" brand image. We take the initiative in building an information security management system and in maintaining and improving information security.
All our employees promote the following seven activities as concrete action guidelines.
Action Guidelines
1. Compliance with laws and contracts: When handling information assets, all our employees comply with laws and regulations that prevent unfair use in each country, laws that require accuracy, laws that protect personal information, and contracts with customers.
2. Information security management system: We establish internal regulations for information security and clearly present them in the company. We have also set up an organized management system to work towards continuous improvement.
3. Implementation of management policies based on risk analysis: We investigate threats and vulnerabilities surrounding our information resources, analyze the identified risks based on proper standards, and implement proper management policies to take prompt measures.
4. Duty of the management team: The management team supports and expresses its support for the policy. It takes initiative in promoting the information security management system and provides the necessary management resources.
5. Evaluation and revision of compliance status: The Security Committee regularly reviews the evaluation of countermeasure standards based on factors such as the results of the internal audit, change in information assets, and new threats. It then confirms their validity and takes appropriate corrective measures such as changing the policy to maintain business continuity.
6. Dealing with offenders: In the unlikely event that an employee commits an act that violates the company regulations, the management team will evaluate its severity and take strict measures. The employee must take responsibility for the violation.
7. Dealing with intruders: We build a system to smoothly and promptly implement required measures such as communication, preservation of evidence, damage amplification and prompt damage recovery when our communication asset is breached, and take measures to prevent recurrence of such breaches.