Annual Report 2023

Corporate Governance Report 企業管治報告 93 舜宇光學科技（集團）有限公司 • 2023 年報 Group’s principal risks Key controls and treatment plan(s) Target risk trend 本集團主要風險 主要控制及處理方案 目標風險趨向 Information System and Information Security Management Risks: 信息系統與信息安全管理風險： – The operation of the Group is highly dependent on the informatization system. If digitalization construction is slow or lags behind business development or if the system is hacked or attacked or management of trade secret information is inadequate, it may lead to the leakage of the Company’s confidential information and that the information system is incapable to support business development, which affect the normal operation and the sustainable profitability of the Company. － 本集團運營高度依賴信息化系統。數字化建設緩慢或 滯後於業務發展，系統被入侵或攻擊，或商業秘密信 息管理不到位，可能造成本公司機密信息洩露，信息 系統無法支撐業務發展，影響本公司正常運營及持續 盈利能力。 – Integrating trade secrets and information security system, improving the information security management system, and continuously enhancing information security control measures; － 融合商業秘密與信息安全體系，優化信息安全管理體系制度，並 不斷完善信息安全控制措施； – Strengthening information security technical defense by utilizing the situational sensing platform to integrate security data, and relying on big data analysis to timely identify attack traffic, thus achieving early warning and disposal of network attacks; － 加強信息安全技術防禦，利用態勢感知平台，整合安全數據，借 助大數據分析，及時識別攻擊流量，實現網絡攻擊的預警與處 置； – Creating a cultural atmosphere of information security, enhancing employees’ awareness of information security, regularly inspecting the implementation of information security strategies, and continuously optimizing the development of information security system; and － 營運信息安全文化氛圍，提高員工信息安全意識，定期稽查信息 安全策略執行，不斷優化信息安全體系建設；及 – Strengthening protective measures on internal and external network security and abilities to prevent viruses. The Group has passed the ISO 27000 certification to ensure the information security and business system security of the Company. － 加強內外部網絡安全防護措施及病毒防禦能力，本集團已通過 ISO 27000 認證，保障本公司信息安全與業務系統安全。