CyCraft has announced the Information Security Management Policy to ensure the effective implementation, supervision, and continuous operation of our Information Security Management System (ISMS), and to maintain the confidentiality, integrity, and availability of our critical information systems.
This policy provides clear guidelines for our employees in their daily work. All employees are obliged to follow and promote this policy to ensure the security of our personnel, data, information systems, equipment, and networks. We expect all employees to understand, implement, and maintain this policy to achieve the goal of continuous operations.
For regulations regarding the use of information equipment and various network services, please refer to the "ISMS-W-001 Information Equipment Security Management Standard Operating Procedures."
"Implement Information Security to Enhance Service Quality";
"Strengthen Security Training to Ensure Continuous Operations";
"Prepare for Emergencies to Enable Rapid Disaster Recovery".
All employees shall fully execute the ISMS procedures. All information-related operations must ensure the confidentiality, integrity, and availability of business data, protecting it from risks such as leaks, damage, or loss due to external threats or improper internal management. Select appropriate measures to reduce risks to acceptable levels. Continuous monitoring, reviewing, and auditing of the information security management system should be conducted to enhance service quality and improve service standards.
Supervise all employees in implementing information security management tasks. Conduct appropriate information security education and training annually to reinforce the concept that "information security is everyone's responsibility." Encourage employees to understand the importance of information security and comply with its regulations. This approach enhances information security awareness and emergency response capabilities, reduces security risks, and achieves the goal of continuous operations.
Develop emergency response and disaster recovery plans for critical information assets and key business operations. Regularly conduct drills of various emergency response procedures to ensure that, in the event of information system failures or major disasters, recovery can be swift, key business operations can continue, and losses are minimized.