
ISMS

LHsat's Information Security Management System

  1. LHsat's Information security objectives are to ensure the confidentiality, integrity and availability of important and core systems. Define and measure quantitative indicators of Information security performance according to various levels and functions to confirm the implementation status of the information security management system and whether the Information security objectives are achieved.
     

  2. In order to achieve the company's mission objectives and the top management's expectations and requirements for Information security, and ensure the security of the company's information assets, the Information security policy is set as follows:

    2.1. Ensure the confidentiality of the company's relevant business information and prevent the leakage and loss of the company's confidential information and personal data.

    2.2. Ensure the integrity and availability of the company's relevant business information, so that the company's operations and various businesses are carried out correctly.
     

  3. In order to ensure the effective operation of the information security management system, the company has established an information security committee to coordinate the planning and promotion of the information security management system. Its organizational structure is recorded in the company's "Information Security Manual" and "Information Security Organization and Management Review Operation Procedures".
     

  4. Human resource security control: In order to reduce the impact of human factors on the company's information security, the company implements appropriate information security education, training and publicity to enhance personnel's awareness of information security.
     

  5. Asset management: In order to protect the security of the company's information assets, the company establishes a list of information assets in accordance with regulations, and formulates the operating principles for information asset classification and for management and control measures.
     

  6. Access Control:

    6.1. To ensure authorized access to information processing equipment, establish mechanisms for user passwords, registration, change, deletion and periodic review, and establish clear desk and clear screen measures.
     

    6.2. In order to maintain network security, establish a network service mechanism, separate the internal network and external network, and control the use of remote work and mobile devices.

  7. Password Control: Establish a policy on the appropriate and effective use of passwords to protect the confidentiality, authentication and integrity of information.

  8. Infrastructure and environmental security control: In order to ensure the safety of computer rooms, office premises and related equipment, the company has established principles for computer room access control, equipment inspection and management, as well as the use, management and disposal of general office information equipment.

  9. Operational and Communication Security:

    9.1. In order to ensure the correct and safe operation of information equipment, establish the norms for the correct use of information, prevent the leakage of confidential information, and establish a mechanism to prevent malicious code and mobile code.

    9.2. To ensure the integrity and availability of information assets, establish backup operations for information processing facilities and adopt the principles of service management and control of external information processing facilities.

    9.3. In order to maintain network security, formulate network security control mechanisms and oversee the principles for protecting system usage trails.

  10. System acquisition, development and maintenance: In order to ensure the safety of application system development management, testing, acceptance, launch, maintenance and outsourced management operations, the company has established standard control procedures.

  11. Supplier Relations: Establish supplier relations and management to ensure the security of suppliers' access, processing and management of the company's information and information processing facilities.

  12. Information security incident management: In order to reduce the damage caused by information security incidents, the company has established information security notification and handling procedures, and recorded them.

  13. Operation continuity management: In order to ensure the continuous operation of the company's business, the company has established the information security level control principles of operation continuity management, established the business continuity operation management process and structure, and wrote and implemented the business continuity operation plan.

  14. Compliance: In order to ensure that the implementation of the information security management system complies with relevant laws, security policies and the latest technology trends, the company has established compliance confirmation principles.

  15. Employees who violate relevant regulations on information security shall be dealt with in accordance with disciplinary procedures for their information security responsibilities.

  16. This policy is reviewed at least once a year by the top executive of the company's information security organization to comply with the latest developments in relevant laws, technologies and business, and to ensure the effectiveness of information security practices.

  17. Matters not covered in this policy shall be handled in accordance with relevant laws and regulations of the company.

  18. This policy will be implemented after the approval of the chief information security officer of the company; the same applies to amendments.
