To build and implement an end-to-end network security and privacy protection system is one of Digital China’s important development strategies. Based on compliance with applicable national and regional laws and regulations, international standards and by referring to regulatory authorities and customer requirements and industry best practices, Digital China has built an effective, sustainable and reliable network security and privacy protection system and actively cooperates with relevant governments, customers and industry partners to jointly address the relevant challenges. Digital China has fully understood the importance of privacy protection and is committed to protecting the personal data of consumers, clients, suppliers, partners, employees and other related entities in accordance with applicable national privacy protection and personal data protection laws and regulations.
Digital China has established the Network security and User Privacy Protection Committee in IT and Infrastructure Department as the relevant top class management organization for making and approving the overall network security and privacy protection strategy, for leading the team to formulate network security and privacy protection strategies and policies, and for managing and supervising the implementation of network security and privacy protection throughout the Group and its subsidiaries.
Digital China has comprehensively implemented the end-to-end global network security and privacy protection system in terms of policies, processes, tools, technologies and specifications in all business areas, and taken the following key measures to ensure network security and privacy protection:
1. Publish Digital China Privacy Protection Statement at the company level to clarify its basic attitude, overall principles and requirements on network security and privacy protection.
2. Based on business scenarios and risk groups, identify network security and privacy protection risks and formulate corresponding management requirements and integrate management requirements into relevant business processes, IT systems and tools by each business unit.
3. Establish an end-to-end network security and privacy protection & verification system, and routinely carry out measurement, inspection and internal audit; meanwhile, cooperate with third parties to carry out testing, certification, external audit and other activities to continuously enhance the management level of network security and privacy protection.
4. Implement training, education and examination on awareness of network security and privacy protection for all employees, and carry out special training for managers and high-risk groups; establish accountability mechanisms for violations.
5. In terms of organization, set Network security and User Privacy Protection Committee as the top class network security management body for making and approving the Company’s overall network security strategy and arrange each subsidiary and business unit as the first person for information security.
6. In terms of business process, integrate safety assurance activities to the whole process business link as the basic requirement of the quality management system, so as to ensure its effective implementation through management system and technical specifications; monitor and perfect business processes through internal audits and security certifications and audits from government security departments and third-party independent agencies; pass ISO27001 and national security certification by its safety management system.
7. In terms of personnel management, all our employees, partners and external consultants must act relevant safety policies, receive safety training, and apply safety concepts to the entire organization. Digital China rewards employees who engage in network security and penalizes employees who violate network security policies, laws or regulations and asks them to bear legal responsibilities.
This statement applies to Digital China Group and its direct or indirect holding subsidiaries and affiliates.