Annual Report 2020

Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2020 86 Corporate Governance Report 企業管治報告 Group’s principal risks Key controls and treatment plan(s) Target risk trend 本集團主要風險 主要控制及處理方案 目標風險趨向 Information System and Information Security Management Risks: 信息系統與信息安全管理風險: – The operation of the Group is highly dependent on the informatization system. The system and information security may be hacked or attacked that may lead to the leakage of the Company’s confidential information and affect the normal operation of the Company. - 本集團運營高度依賴信息化系統,系統和信息安全被 入侵或攻擊,可能造成公司機密信息洩露,影響公司 正常運營。 – Establishing an information security management system, continuously improving the management system of information system and enhancing the information security control measures on an ongoing basis; - 建立信息安全管理體系,持續完善信息系統管理制度, 並不斷完善信息安全控制措施; – Strengthening the physical security of enterprise data centres, developing information system/data backup and information system disaster recovery plans, standardizing personnel operations to ensure continuity in the information system business; and - 加強企業數據中心的物理安全,制定信息系統╱數據備 份與信息系統災難恢復計劃,規範人員操作,確保信息 系統業務連續性;及 – Strengthening protective measures on internal and external network security and abilities to prevent viruses, the Group has passed the ISO27000 certification to ensure the protection of information security and business system security of the Company. - 加強內外部網絡安全防護措施及病毒防禦能力,本集團 已通過 ISO27000 認證,保障本公司信息安全與業務系統 安全。