File Description Information SafetyManagement PolicyJY/WI-AD01101 页码Page：1/151.0目的Purpose规范公司信息处理程序，确保公司各种信息访问和交流的安全性。

To standardize information processing procedures and ensure the safety of access to various information and communications of the Company.2.0范围Scope适合公司各类信息载体（含电子文档，纸质文档）。

Various types of information carriers of the Company (including electronic files and paper files).3.0权限Scope of Authority3.1总经理General Manager3.1.1批准公司信息安全管理程序；3.1.1Reviewing and approving the Company’s information safety management policy;3.1.2为公司落实信息安全管理程序提供资源保障；3.1.2 Providing resources for the implementation of the Company’s information safetymanagement policy;3.1.3批准公司核心员工和敏感电脑。

3.1.3 Approving the appointment of key employees and allocation of sensitive computers.3.2管理者代表Management Representative审核信息安全管理程序，协调各部门认真执行该程序。

Reviewing the information safety management policy and coordinate the implementation of the policy in individual departments.3.3人事行政部Personnel & Administration Department3.3.1制定并落实信息安全管理程序；3.3.1 Formulating and implementing the Company’s information safety management policy;3.3.2对员工进行安全保密法规教育，增强员工信息安全意识，组织核心岗位员工签订保密协议；3.3.2 Educating and training employees in terms of the confidentiality-related regulations,enhancing the employee awareness of information safety and signing confidentiality agreement with employees working on key posts;3.3.3对信息安全管理程序落实情况进行检查并进行记录，提出奖罚意见。

3.3.3 Supervising the implementation of the information safety policy, keeping records of theimplementation and proposing punishment recommendations.3.4各部门Individual Departments督促员工执行公司信息安全管理程序，确保公司信息安全。

3.4 Supervising the implementation of the Company’s information safety management policy andensure the information safety of the Company.4.0定义Definitions4.1信息：信息是事物现象及其属性标识的集合；4.1 Information: Information is a collection of a phenomenon and its property identifiers;4.2信息载体：分为计算机电子文档，文件资料纸质文档；4.2 Information carrier: Electronic files and paper files;4.3企业秘密：不为公众所知晓，能为权利人带来经济利益和竞争优势，具有实用性并经权利人采取保密措施的信息。

其范围为公司发展规划，重大决策和投资，月季年度财务信息，对外商务谈判信息，各种对外合同协议，公司总经理办公会会议记录，员工人事档案；公司产品及模具设计图纸，制造工艺，新技术新产品研发资料；原材料采购信息，成品及半成品检测报告；公司客户相关信息，客户所提供的技术和产品资料等；4.3 Enterprise secrets: Information of practicality not known to the public that may bringeconomic benefits and competitive advantages and for which the owner takes security measures. The scope of enterprise secrets covers the development plans, major decision and investment, monthly, quarterly and annual financial statements, external business negotiation,external contractual agreements, minutes of the General Manager's meetings, personnel files, products and mold design drawings, manufacturing processes, new technology and new product development, raw material procurement, test reports and semi-finished products, customer information, technical and product information supplied by customers, etc;4.4保密文件：含有企业秘密的信息；4.4 Confidential file: A file that contains enterprise secrets;4.5敏感电脑：装有公司企业秘密的电脑；4.5 Sensitive computer: A computer that contains enterprise secrets;4.6核心员工：主管以上员工、人事行政部文员和出纳、工程部、市场部、物控部所有员工、总经理确定的员工。

4.6 Key employees: Employees who holds an office of the department director or above, clerks andcashiers of the Personnel and Administration Department, all staff members of the Engineering Department, the Market Department, the Material Control Department and other employees the General Manager considers as key employees.5.0程序Procedures5.1公司计算机网络信息安全管理5.1 Information safety management for the computer network of the Company5.1.1 为确保公司计算机网络的信息安全，特设网络管理员岗位，其职责为：5.1.1 A network administrator is appointed to for the information safety management for thecomputer network of the Company with the following responsibilities:5.1.1.1制订落实计算机网络信息安全管理制度；5.1.1.1 Formulating and implementing the information safety management policy for thecomputer network of the Company;5.1.1.2每季对公司电脑安全使用情况进行检查，检查项目见（计算机健康巡检记录表）并进行记录；5.1.1.2 Inspecting the safe use of computers of the Company on a quarterly basis and keepinga record of the inspection (Refer to the Computer Health Inspection Record);5.1.1.3负责联系对电脑的定期保养和维护，全程监控敏感电脑的维护；5.1.1.3 Being responsible for the periodical maintenance of computers of the Company andfully controlling the maintenance of sensitive computers;5.1.1.4每季度更新公司服务器密码（8位数以上且数字与字母混编），并对公司计算机网络做好系统备份，确保系统安全运行；5.1.1.4 Updating the server password (8 digits or more and mixed with letters) and backing upthe data on the computer network, ensuring the safe operation of the system;5.1.1.5处理公司计算机网络重大事故并对责任人提出绩效扣分意见等。