Information Security Management PolicyInformation Security Management Policy
Since its establishment in 1999, Hotai Finance Corporation has demonstrated financial expertise by continuously improving and innovating diverse financial products. Hotai Finance Corporation has accumulated nearly three million customer cases. To ensure the safety of our customers’ personal data and minimize information security risks, we are committed to strengthening our information safety system and hence issue the Information Security Management Policy. The policy aims to provide employees a clear conduct to follow, and Hotai Finance Corporation expects each employee to participate and advocate for the policy to ensure the smooth operation of data, information systems, equipment, and the internet. Since its establishment in 1999, Hotai Finance Corporation has demonstrated financial expertise by continuously improving and innovating diverse financial products. Hotai Finance Corporation has accumulated nearly three million customer cases. To ensure the safety of our customers’ personal data and minimize information security risks, we are committed to strengthening our information safety system and hence issue the Information Security Management Policy. The policy aims to provide employees a clear conduct to follow, and Hotai Finance Corporation expects each employee to participate and advocate for the policy to ensure the smooth operation of data, information systems, equipment, and the internet.
HFC obtained the ISO 27001 Information Security Management System (ISMS) certification in 2022 to ensure the ISMS confidentiality, integrity, and availability. We regularly conduct organizational panorama evaluations of information department system development and maintenance and data center management every year to review the annual performance of 14 information security management and control indicators in ISO 27001.HFC obtained the ISO 27001 Information Security Management System (ISMS) certification in 2022 to ensure the ISMS confidentiality, integrity, and availability. We regularly conduct organizational panorama evaluations of information department system development and maintenance and data center management every year to review the annual performance of 14 information security management and control indicators in ISO 27001.
Implement information security, and strengthen service qualityImplement information security, and strengthen service quality
ISMS shall be followed by all employees. All information safety-related measures shall ensure the confidentiality, integrity, and availability of sales information, to prevent the risk of disclosure, damage or loss of information, and appropriate measures shall be taken to minimize risks. Hotai Finance Corporation shall continue to supervise, review and audit the tasks of ISMS to strengthen service quality. ISMS shall be followed by all employees. All information safety-related measures shall ensure the confidentiality, integrity, and availability of sales information, to prevent the risk of disclosure, damage or loss of information, and appropriate measures shall be taken to minimize risks. Hotai Finance Corporation shall continue to supervise, review and audit the tasks of ISMS to strengthen service quality.
Strengthen information safety training, and ensure operation efficiencyStrengthen information safety training, and ensure operation efficiency
Hotai Finance Corporation has adapted the following in response:Hotai Finance Corporation has adapted the following in response:
a. Through diverse training and communication channels, continue to strengthen employees’ awareness of information safety. For example: employees must undergo mandatory training on information safety to prevent personal data safety breaches. a. Through diverse training and communication channels, continue to strengthen employees’ awareness of information safety. For example: employees must undergo mandatory training on information safety to prevent personal data safety breaches.
b. Information safety audits are conducted annually, to raise employee awareness and strengthen emergency response.b. Information safety audits are conducted annually, to raise employee awareness and strengthen emergency response.
Ensure emergency response for quick recoveryEnsure emergency response for quick recovery
Establish a recovery plan in case of security breaches on important asset and businesses-related information, and conduct regular drills for smooth operation and recovery to minimize damages in the case of system errors or disasters.Establish a recovery plan in case of security breaches on important asset and businesses-related information, and conduct regular drills for smooth operation and recovery to minimize damages in the case of system errors or disasters.
ISO 27001 Information Security Management System (ISMS) certificationISO 27001 Information Security Management System (ISMS) certification
