1. Purpose
To ensure the confidentiality, integrity, and availability of all assets and information of ShareGuru Intelligence Technologies Inc.(hereinafter referred to as “the Company”), this Information Security Management Policy is established in compliance with relevant laws and regulations, so as to protect against intentional or accidental internal and external threats.
2. Scope of Application
All employees of the Company, business partners, outsourced service providers, and visitors.
3. Information Security Organization and Responsibilities
The Company has established an Information Security Team responsible for the approval and supervision of the establishment of the information security framework, as well as information security prevention and incident response.
4. Information Security Management Principles
To meet government information security requirements, the Company will continuously enhance its information security protection capabilities and strengthen and improve the following regulations:
(1) Corporate Management Regulations
a. Access Control: Grant only the permissions required to perform assigned job duties.
b. Segregation of Duties: Prevent employee fraud.
c. Employee Education and Training: Continuously provide relevant education and training to employees.
(2) Network / Hardware, Software, and Data Center Management Regulations
Access to the data center must be accompanied by management personnel, and entry and exit times and purposes must be recorded.
(3) Backup Mechanisms
a.Critical host systems shall be backed up on a regular basis to reduce the risk of data loss caused by malware and computer virus attacks.
b. All data shall be backed up regularly, and encryption mechanisms shall be adopted during backups.
(4) Risk Management
Manage risks of internal data leakage by employees, conduct information security awareness training, and perform risk assessments and response measures, while continuously strengthening proactive management and improvement plans related to information security information.
5. Revision
To ensure the practicality, security, and effectiveness of the “Information Security Management Policy” in actual operations, this policy shall be evaluated or revised at least once a year based on business changes, technological developments, and the results of risk assessments, or in accordance with government information security management requirements, laws and regulations, technologies, and the latest business developments.
6. Implementation
This policy shall be reviewed by the “Information Security Team.” After approval, it shall be implemented upon announcement or communication to all Company units and relevant external parties. The same procedure applies to revisions.
