Date
Title
Detail
Explain the company’s risk management scope, organizational structure and 2022 operation status
Risk Management Policy
The company’s risk management policy is based on systematic risk assessment
method to clarify the risks that assets may face, and through the risk review conclusion
The results determine the acceptable risk level of assets, and for
Level risk assets, controlling their risk at an acceptable level for online families
Within the degree, to ensure the security of network family assets, so as to maintain
The purpose of continuous operation of online home business.
risk management procedures
The company’s risk management procedures are handled in accordance with internal documents
File Name: Risk Management Program Version: V1.3 File Code:
Effective date: 20180901
The risk management process is divided into key business review operations, establishment of information asset inventory, asset value identification, threat and weakness identification, risk level determination, security control mechanism selection, risk assessment work report writing, security control mechanism planning, execution, effectiveness evaluation, Auditing is to form a continuous improvement mechanism to provide the protection of confidentiality, integrity, usability and individuality of assets, and refer to the detailed operation process.
Management process such as attachment PROCESS
Organizational structure and operation in 2022
Regularly hold information security meetings every quarter, and report to the management the review and measures for implementing related businesses based on the audit results.
Integrate and identify the risks and report the management situation to the board of directors in December.
Conduct internal publicity and education and training from time to time to strengthen the risk management awareness of all employees of the company.
Risk Review Frequency
Conduct risk reviews annually or irregularly.
When there is a major change, the review is performed irregularly, such as office location relocation, organizational structure change, etc.
The timing of reviews is performed from time to time at the discretion of the Management Representative.
Risk Management Job Description
Critical Business Review Assignments
The key business of Internet home is reviewed by the group manager according to the annual business. The system management team is responsible for integrated management and approved by the management representative to determine the key business of the year as the Internet home business continuity plan (BCP). in accordance with.
The review criteria are based on Annex 2 “Key Business Review Criteria”; in addition, asset owners update information asset inventories and asset risk assessments based on annual business changes.
Create Information Asset Inventory
According to the configuration items related to the service catalog in the information service management system or the assets related to the business process, classify and establish an inventory of information assets. For the classification of assets, please refer to Appendix 3 “Explanation of Assets Classification”.
Asset Evaluation Description
The evaluation criteria for assets are integrated into the risk review tool in the form of question sets according to different categories, and the asset owner conducts value evaluation after answering the questions
.jpg)