Information Security Management
The Structure, Policy and Measures of FENC Information Security Management：
- FENC has its Information & Technology Center (ITC) in charge of the information security management of the Company. In order to achieve efficient management and proper maintenance to the computer information environment, as well as to ensure the confidentiality, completeness and availability of the information access and operation, ITC has established the Information Security Policy and obtained certifications including ISO 27001 - information security standard as the guidance for all related personnel to reduce any impact from any information security incidence. The scope covers information authorization, data backup, system development, contractor management and intellectual property management…etc.
- In order to increase information security of the Company as a whole and to keep continuous improvements in internal structure and internal controls, the ITC established “Information Security Committee” in 2016. The role and function of the Committee is promoting information security in the organization, hold meetings of related topics, to show the importance and support for information security, and to make the information security management system operate continuously and stably. The convener of the Information Security Committee is taken by the Executive Vice President of the ITC. The Committee members include managers from ITC different supporting teams and audit department.
The Information Security Meeting was held regularly once a year. If there is a major information security incidence, the meeting can be held immediately to secure the suitability, completeness and effectiveness of the information security system operation. The Committee shall consult with employee of related department, external expert when necessary. All above mentioned major issues and executions relating to information security shall be reported to the board quarterly by Audit department.
- FENC does not have information security insurance for the moment. The ITC has set up information security policy and obtained certification for ISO 27001 - information security standard and tasks including network security (including overall antivirus system), firewall, data backups and remote backups are all carried out according to the guidance. Furthermore, the Company also establish a global headquarters continuous operation project and conduct Post-disaster recovery exercise simulation each year to ensure the normal operation ability of the Company.