Information Security
Sinochem International formulated the Administrative Measures for Information Security and Administrative Measures for Confidentiality while continuously improving the information security management and confidentiality management system, organizational structure and assessment system. We also implemented the responsibility system for confidentiality-related tasks to strictly prevent information leakage incidents.
The company respects and protects the business secrets, data and sensitive information of stakeholders. Sharing, transferring or disclosing confidential information to any other organization or individual without the consent of the relevant parties and the permission of the company is strictly prohibited. The company also signs confidentiality agreements with all suppliers, partners and information technology personnel to protect the business secrets of partners and ensure the security of customer information.
In terms of network security, the company formulated and published 7 systems and 1 standard such as the Network Security Management Regulations and Cyber Security Incident Emergency Plan in 2022. We strictly abide by various standard procedures, building a scientific network security system, adopting IRP (Information Resource Planning) for vulnerability management, and preventing and responding to network security incidents in a timely manner.
Risk Assessment
● Performed information system risk assessments, promoted information system penetration testing and vulnerability scanning, and improved information system security protection capabilities
● Performed network security risk assessments, detected threats in the network architecture, boundary protection, access control and intrusion prevention, and improved infrastructure security and prevention capabilities
● Performed information security risk assessments, detected vulnerabilities in and threats to information assets, formulated solutions and emergency handling measures, and checked and rectified the implementation thereof in a timely manner
● Regularly scanned the system for vulnerabilities, and fixed them by repair or upgrade after risk assessment and verification tests
Data Maintenance
● Enabled the overall backup processes of the server. The backup system stores the last 14 days of backup data for the entire application system in real time. The tape backup is archived every quarter, and the archived tapes of the last year are stored. The backup timings of the database content are set by the system management staff, and the database is backed up by server
● Completed the construction of the disaster recovery computer room, backed up important data through bare optical fibers, used jump servers and firewalls for backup server security protection, and only granted operation rights to backup administrators
Raising Awareness
● All employees signed the Personal Network Security Commitment Letter
● Conducted network security training and organized phishing email drills for all employees
● Conducted special training on network security for R&D personnel who are responsible for ensuring confidentiality
● Conducted special training on commercial secrets protection and organized a series of publicity and educational campaigns on the topic of confidentiality
Certification Audit
● Completed the ISO 27001 management system review
● Passed the acceptance tests for the technical component of the comprehensive protection platform project for industrial enterprise network security, and formed a unified industrial control security protection scheme
● Passed the information security Grade 2 review for 7 items and the Grade 3 review for 1 item
● Passed network security exercises such as “Operation Azure” and “Operation Rock”