The Company established a comprehensive management system for information security and privacy protection, incorporating privacy protection policies and related efforts into the overall risk and compliance management across the Company. Internal and external audits on privacy policy compliance were conducted on a regular basis to ensure effective implementation of the Company’s privacy policies. In 2023, all of our IT infrastructure and information systems obtained the ISO 27001 and ISO 27701 certifications. To ensure effective operation of the system, the Company conducts regular internal audits and regulatory reviews annually, and undergoes audits by external organizations.
Emergency management
The Company adopts a set of whole-process information security response and protection measures: rigorous preventive efforts before incidents, proactive response during incidents, and swift handling after incidents. The Company formulated the Information Security Emergency Response Plan and an information security issue reporting process to ensure timely handling of cybersecurity emergencies. At least one penetration test is conducted on all information systems of the Group every year, followed by third-party vulnerability analysis and rectification based on the results. In 2023, 263 system vulnerabilities were identified, all of which have been fully rectified or have a remediation plan in place, without impacting any customers or internal employees. No privacy breach incidents occurred during the year.
Capacity building
In terms of information security training for employees, the Company sent over ten tweets throughout the year via email and LONGi’s WeChat official account, disseminating information security knowledge to all employees so that they handle information security issues with caution. Where information leakage incidents occur due to personal reasons of employees, the Company will implement disciplinary actions corresponding to the severity of the incident. To strengthen information security management of suppliers, the Company integrated supplier information security management standards into the Supplier Management Regulations, checked and assessed suppliers’ information security capabilities when necessary, and ensured the information security rights and interests of both parties through confidentiality agreements, service monitoring, reviews, and other measures.