Information Security Management Framework

 

CPDC has established the position of Chief Information Security Officer to oversee the promotion of information security policies and resource allocation. It has also set up an Information Security Management Team under the Information Office, with an information security manager and two information security personnel, who are responsible for formulating corporate information security policies, planning and implementing information security procedures, and promoting and implementing information security policies.

 

CPDC introduced the ISO 27001 standard to strengthen its current information security system and formulated information security policies. Certification by an external body was obtained on February 6, 2024 (certification valid until 2027/2/5). In addition, we have established an internal information control system to promote information security governance, and we collaborate with the auditing unit to arrange annual information security audit plans and to conduct evaluations at least once a year. These measures ensure the confidentiality, integrity and availability of information related to CPDC’s operations and ensure that the company’s overall information security protection capabilities are in line with operational needs.

Information security risk identification and management

CPDC will continue to optimize and improve its information security management policies. CPDC’s information security management measures are as follows:

 

  • Regularly implement information security education and training to promote information security policies, related regulations and information security protection concepts, and to enhance employees’ awareness of information security.
  • On an annual basis, CPDC commissions a third-party company to conduct regular cybersecurity audits and assessments, such as external audits, vulnerability scanning, and security health checks, to ensure that our information systems and network comply with safety standards.
  • Regularly conduct information security inspections, and apply fixes based on the inspection results to reduce information security risks.
  • Establish a notification and response mechanism for information security incidents to ensure proper response, control and handling of information security incidents.
  • Perform regular information security audits to ensure the implementation of the information security management system.
  • Execute all matters in accordance with relevant laws and regulations.