Annual Report 2021

94 Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2021 Corporate Governance Report 企業管治報告 Group’s principal risks Key controls and treatment plan(s) Target risk trend 本集團主要風險 主要控制及處理方案 目標風險趨向 Information System and Information Security Management Risks: 信息系統與信息安全管理風險： – The operation of the Group is highly dependent on the informatization system. The system may be hacked or attacked or inadequate management of trade secret information that may lead to the leakage of the Company’s confidential information and affect the normal operation of the Company. － 本集團運營高度依賴信息化系統，系統被入侵或攻 擊，或商業秘密信息管理不到位，可能造成本公司機 密信息洩露，影響本公司正常運營。 – Establishing an information security management system, continuously improving the management system of information system and continuously enhancing the information security control measures; － 建立信息安全管理體系，持續完善信息系統管理制度， 並不斷完善信息安全控制措施； – Strengthening the physical security of enterprise data centres, developing information system/data backup and information system disaster recovery plans, standardizing personnel operations to ensure continuity in the information system business; － 加強企業數據中心的物理安全，制定信息系統╱數據備 份與信息系統災難恢復計劃，規範人員操作，確保信息 系統業務連續性； – Continuously increasing the publicity of information security and creating a cultural atmosphere of information security, regularly checking the implementation of information security strategies and continuously optimizing the construction of information security system; and － 持續加大信息安全宣貫，營造信息安全文化氛圍。定期稽 查信息安全策略執行，不斷優化信息安全體系建設；及 – Strengthening protective measures on internal and external network security and abilities to prevent viruses. The Group has passed the ISO27000 certification to ensure the information security and business system security of the Company. － 加強內外部網絡安全防護措施及病毒防禦能力，本集團 已通過 ISO27000 認證，保障本公司信息安全與業務系統 安全。