1、 General Provisions

To ensure the data security of the company's information system, prevent risks such as data leakage, tampering, and loss, and ensure the confidentiality, integrity, and availability of data, training is provided to management personnel.

2、 Data classification and protection level

The company classifies data, clarifies the protection level of various types of data, including but not limited to sensitive data, confidential data, core data, etc., and takes corresponding security protection measures.

3、 Data Access Control

（1） Implement strict user authentication and access control mechanisms to ensure that only authorized users can access the corresponding level of data.

（2） Adhere to the principle of 'minimum privilege', assign necessary minimum data access privileges to each user, and regularly review and adjust user permissions.

4、 Data storage and backup

（1） Data should be stored in secure and reliable storage media, and encryption technology should be used to protect the data security during the storage process.

（2） Regularly backup data to ensure its recoverability. Backup data should be stored in a secure location independent of the production environment, and the integrity of the backup data should be regularly checked

usability.

5、 Data transmission and exchange

（1） Data should be encrypted during transmission to ensure the security of data transmission over the public network.

（2） Strictly control the data exchange process, clarify the purpose, scope, method, and security measures of data exchange, and prevent data from being leaked or tampered with during the exchange process.