Dalian Xinhua Infotech Co., Ltd.
     

The company has been accredited with the "ISO/IEC27001:2005 Information Security Management System" certificate. This is currently considered to be the most important ISMS standard worldwide. It signals that our company has formally developed an information safety and security system appropriate for the actual operations we are involved in.

   ISO27001信息安全管理体系
ISO27001ISMS
 
[Main Requirements]
Based on standards set out in "ISO/IEC 27001:2005ISMS Information Security Management System Requirements", an information security system has been structured, implemented, operated, supervised, audited, maintained and improved upon to suit the actual management conditions present in our company. This is mainly used in contract clauses with clients and third parties to prove that our information security management system at our company is able to satisfy regulatory standards. Our company and all our employees will strive to effectively and thoroughly implement, maintain and improve the system.
 
[Main Objectives]
Accuracy, customer's satisfaction level, timely delivery, security and confidentiality
 
[ISMS Policy]
Satisfy clients' needs, implement risk management, ensure information security, realize continuous improvement
 
[Managers' Pledges]
We use computers and internet equipment to provide BPO services. Therefore the security of the informational assets is the most important thing for us. In order to maintain the security, integrity and, usability of all the information, as well to provide our clients with a more reassuring service, our company has developed an Information Security Management System (ISMS) according to ISO/IEC27001:2005 standards, and we pledge as follows:
 

A)

Company management system

We will develop an integral ISMS for each level of hierarchy in the company's structure. We will confirm the information security policy, security objectives and control strategy. We will clarify management responsibility for security of the information.
 

B)

Satisfy legal, statutory and client requirements.

We will identify and satisfy the requirements of relevant laws and statutes as well as requirements from clients and other related parties concerning information security.
 

C)

Continuous improvement:

We will periodically implement information security risk evaluations, and ISMS audits. We will take corrective and preventative measures to ensure the continuing effectiveness of the system.

 

D)

Information protection:

We will utilize advanced and effective facilities and technologies to deal with, transfer, store and protect various information.
 

E)

Education and training:

We will continuously educate and train our employees concerning information security, to strengthen employees' awareness and ability with regard to this issue.

 

F)

Continuous service management:

We will prepare and maintain a complete plan for continuous service provision, and realize sustainable development.
 

G)

Policy audits:

We will periodically audit the appropriateness and sufficiency of the basic policies in relation to the actual circumstances, and make revisions as necessary.


June 1st, 2006
Dalian Xinhua InfoTech Co., Ltd.
General Manager Yang Fan
Date Updated 2008.8.6 Copyright 2007 Dalian Xinhua Infotech Co., Ltd. All rights reserved