SK hynix system ic Wuxi solutions will continuously strive to generate values based on SUPEX Spirit for all stakeholders, not only staff members and customers but business partners and investors.
In order to reduce the loss caused by information system interruption, data loss and sensitive information disclosure to the company and customers, the company has established an information security management system, formulated information security policies and determined information security objectives.
Risk Control: Through the implementation of information security risk assessment and security inspection in the company, constantly improve information security service capabilities, reduce customer security concerns, control risks;
Data Security: Through the implementation of various security measures, the risk is effectively controlled to ensure the safety of the company's production and application data, and the interests are not damaged;
Active Prevention: Information security work to take various proactive preventive measures, establish information security and operational risk prevention and control system, enhance the safety awareness of all staff, improve the emergency mechanism, strengthen internal security inspection, so that problems can be prevented before they occur;
Continuous Improvement: The continuous improvement of information security management according to PDCA model ensures that the company's information system is always fully protected in the process of dynamic change.
In order to ensure the confidentiality, integrity and availability of various information assets, information security management is effectively implemented, risks are actively prevented, and control measures are improved:
Update of information security policy objectives
In order to ensure that the information security policy and objectives are in line with the company's strategic objectives, the management shall review the information security policy and objectives at the management review meeting every year, and the Information Security Department shall update the policy and objectives according to the results of the review and communicate them to the relevant personnel through meetings or telephone calls.
The realization of information security objectives
In order to ensure the realization of safety objectives, risk assessment should be carried out first, according to the results of risk assessment and the requirements of ISO27001:2022 standard to establish system procedure documents, and design the corresponding template form;
All employees shall not deliberately violate the system and regulations related to information security, and strictly follow the relevant regulations;
The information security project team is responsible for measuring and evaluating the information security objective after the annual internal audit and before the management review, recording it in the management system effectiveness measurement scale, and reporting the achievement of the annual information security objective to the management during the management review meeting.
Certification | ISO/IEC 27001:2022 |
---|---|
Site | No.702, Zhide Avenue Xinwu District Wuxi, China |
RegistrationScope | The manufacture of 8 inch non-memory wafer |
Certification No. | IS 795447 |
Valid Until | November 23rd,2026 |
Certification Body | BSI |