● Revised the "Administrative Measures for Confidentiality" to refine some regulations on commercial secrets; newly drafted "Administrative Measures for State Secret Carriers" and "Administrative Measures for Confidential Software" to improve relevant authority and process management.
● Revised the "Regulations on Cyber Security Management," formulated the "Network Security Standards" and "Cyber Security Notification Management Rules," and strengthened the company's network security systemization, standardization, and process construction.

● Set up a full-time information security manager to be responsible for the company's information system security work, andhired external security engineers to provide on-site services to strengthen information security assurance.
● Introduced a confidentiality assessment system to promote full coverage of all employees' confidential software.
● Carried out information security risk assessments, drafted the "Information Security Risk Assessment Report," formulated solutions and emergency measures, and promptly checked the implementation of rectification.

● Prepared and released information security knowledge training courseware, conducted training for new employees, and improved the information security awareness of all employees.
● Comprehensively enhanced employees' awareness of confidentiality by carrying out multi-form and multi-channel confidentiality publicity and education, such as training on confidentiality training platforms and special training on National Security Day.
● Published the standards and requirements for the information infrastructure construction of subsidiaries, strengthened information security management and deployment during the infrastructure construction period of the enterprise; conducted network security assessments on subsidiaries’ production systems.
● Promoted subsidiaries to complete the network convergence work, greatly improved network security, and successfully passed the Blue Action-Network Attack and Defense Exercise.

● Completed the ISO 27000 management system review, and completed the ISO 27001 three-year review, and obtained the certificate.
● Continued to promote the comprehensive network security protection platform project for industrial enterprises, and completed the mid-term inspection of the Shanghai Municipal Commission of Economy and Information Technology.
● Started the network security level protection evaluation, invited a third party to test and analyze the overall security of the information system, and put forward rectification suggestions.
● Passed six items of information security Grade 2 and one item of Grade 3.

Undertook the industrial Internet innovation and development project of the Ministry of Industry and Information Technology - the construction of the industrial enterprise network security comprehensive protection platform project, formulated a three-year network security plan, standardized construction in keeping with the current national laws, regulations, and standards, and formed industry solutions.