Information Security
Ancang recognizes information security as vital to sustainable operations and is committed to implementing a comprehensive management system to ensure the confidentiality, integrity, and availability of information assets, providing a secure and stable operating environment.
Information Security Governance Framework
Ancang has established a dedicated information security organization, with the Information Department Manager serving as Chief Information Security Officer to lead and coordinate security strategies. Regular audits conducted by the audit unit ensure effective implementation and enforcement of all information security systems.
Report to the Board of Directors on the Implementation of Information Security in 2025: 🔗 Information Security Governance Report
Information Security Policy and Objectives
Ancang adheres to the “Information Security Management Guidelines for Listed Companies” . Our objectives are to:
- Protect the confidentiality of information assets through controlled access.
- Ensure integrity by preventing unauthorized modification or destruction.
- Maintain system availability to support uninterrupted operations.
- Comply with applicable laws and regulations.
- Continuously enhance employee awareness and capabilities in information security.
Information Security Protection Measures
To effectively enforce our information security policies, Ancang implements the following measures:
- Multi-factor authentication and strict account/password management.
- Prohibition of unauthorized software and mandatory use of licensed antivirus programs.
- Controlled access to data centers and critical facilities.
- Robust backup and disaster recovery systems with regular drills.
- Migration to a secure public cloud platform with multi-layer network isolation, intrusion detection, and defense mechanisms.
- Deployment of a secure cloud collaboration platform featuring access control, data encryption, and anti-leakage safeguards.
-
Education, Training, and Awareness Promotion
Ancang regularly conducts cybersecurity training to strengthen employee awareness and response capabilities. Professional cybersecurity personnel receive annual advanced training to stay current with the latest technologies and defense strategies. -
Supply Chain and Subcontractor Information Security Management
Ancang enforces strict information security requirements for our partner. Contracts clearly define responsibilities for data confidentiality, usage, and destruction. All parties must comply with our security policies and undergo regular assessments to ensure compliance. -
Risk Assessment and Continuous Improvement
Ancang conducts annual asset inventories and risk assessments to identify threats and vulnerabilities in core business systems. Through ongoing internal audits, we continuously enhance our information security management system and implement improvement measures.
-
Cybersecurity Incident Response and Reporting
Ancang has established a comprehensive incident response process to promptly assess severity, initiate mitigation measures, and ensure cross-departmental coordination. Regular drills are conducted to strengthen preparedness and minimize the impact of cybersecurity incidents. -
Future Cybersecurity Improvement Directions
Ancang will continue strengthening cybersecurity governance, advancing defense technologies, fostering a security-conscious culture, and adopting the latest cybersecurity innovations. We are committed to providing a secure and stable information environment for employees and customers, while building a resilient and competitive enterprise.