According to the requirements of the "Cybersecurity Law of the People's Republic of China", SST started the information system security level protection assessment in July this year.
The entire project has gone through four phases, including assessment preparation, plan compilation, on-site implementation, and analysis and report submission. This security assessment covers the physical environment, host, network, business application system, security management system, and team in charge of the official website of SST.
The security assessment examines ten aspects including the Physical Environment Security (PES), Communication Network Security (CNS), Area Boundary Security (ABS), Computing Environment Security (CES), Security Management Center (SMC), Policy and System Security (PSS), Organization and Resource Security (ORS), Human Resource Security (HRS), Construction Management Security (CMS), and Maintenance Management Security (MMS) through various processes and stages such as static assessment, field tests, and comprehensive assessment.
After 4 months of relentless effort, in accordance with the standards and requirements of Level 2 Security Assessment, SST enhanced a number of security measures on its official website such as the implementation of hacking detection and protection, firewall security policy adjustment, network port control, and background operation log recording and tracking, improved and perfected the construction of the Company's network information system, clarified the responsibilities of all relevant personnel, and reinforced the software and hardware in a more targeted manner.
Eventually, the Company successfully obtained the "Level 2 Security Assessment Certificate" for SST's official website system issued by the Ministry of Public Security, which proves that SST's official website system has met the national standard in terms of technical security, system management, and emergency preparedness.
In addition to the recently obtained Level 2 Security Assessment Certificate for SST's official website system, SST has already obtained the Level 3 Security Assessment Certificate for the server room.
In the future, the Company will continue to establish a more comprehensive network information security protection system based on management regulations and technical standards to effectively improve the Company's overall network information security protection capability.