Sinochem International has formulated the "Administrative Measures for Confidentiality" and "Administrative Measures for Information Security." The company has also established and improved the organizational structure and assessment system for confidentiality work, implemented the responsibility system for confidentiality work, clarified the scope of confidential information, formed a work flow for classification, and gradually built scientific and standardized information security systems to rigorously prevent information leakage accidents.
The company strictly protects customer data and sensitive information, and it is strictly prohibited to share,transfer, or disclose users' personal information to any other company, organization or individual without permission. The company signs confidentiality agreements with all suppliers, partners, and information technology personnel to protect the business secrets of partners and comprehensively ensure the security and stability of enterprise and customer information.
● Revised the "Administrative Measures for Confidentiality" to refine some regulations on commercial secrets; newly drafted "Administrative Measures for State Secret Carriers" and "Administrative Measures for Confidential Software" to improve relevant authority and process management.
● Revised the "Regulations on Cyber Security Management," formulated the "Network Security Standards" and "Cyber Security Notification Management Rules," and strengthened the company's network security systemization, standardization, and process construction.
● Set up a full-time information security manager to be responsible for the company's information system security work, andhired external security engineers to provide on-site services to strengthen information security assurance.
● Introduced a confidentiality assessment system to promote full coverage of all employees' confidential software.
● Carried out information security risk assessments, drafted the "Information Security Risk Assessment Report," formulated solutions and emergency measures, and promptly checked the implementation of rectification.
● Prepared and released information security knowledge training courseware, conducted training for new employees, and improved the information security awareness of all employees.
● Comprehensively enhanced employees' awareness of confidentiality by carrying out multi-form and multi-channel confidentiality publicity and education, such as training on confidentiality training platforms and special training on National Security Day.
● Published the standards and requirements for the information infrastructure construction of subsidiaries, strengthened information security management and deployment during the infrastructure construction period of the enterprise; conducted network security assessments on subsidiaries’ production systems.
● Promoted subsidiaries to complete the network convergence work, greatly improved network security, and successfully passed the Blue Action-Network Attack and Defense Exercise.
● Completed the ISO 27000 management system review, and completed the ISO 27001 three-year review, and obtained the certificate.
● Continued to promote the comprehensive network security protection platform project for industrial enterprises, and completed the mid-term inspection of the Shanghai Municipal Commission of Economy and Information Technology.
● Started the network security level protection evaluation, invited a third party to test and analyze the overall security of the information system, and put forward rectification suggestions.
● Passed six items of information security Grade 2 and one item of Grade 3.
Undertook the industrial Internet innovation and development project of the Ministry of Industry and Information Technology - the construction of the industrial enterprise network security comprehensive protection platform project,
formulated a three-year network security plan, standardized construction in keeping with the current national laws, regulations, and standards, and formed industry solutions.