TANCHENG GROUP CO., LTD. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

TANCHENG GROUP CO., LTD. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 08:00:29 EDT.

Filings

10-K filed on 2024-03-29

TANCHENG GROUP CO., LTD. filed an 10-K at 2024-03-29 08:00:29 EDT
Accession Number: 0001683168-24-001846

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognized the significance of cybersecurity in our business operations. Therefore, we have established a comprehensive cybersecurity and risk management framework, which includes regular cybersecurity risk assessments to identify and evaluate potential cyber-attack threats and information security weakness that may affect our business. We plan to implement a series of preventive measures, including firewalls, cyber-attack detection systems, and data encryption, to safeguard confidential information and data. We will regularly conduct cybersecurity awareness training for employees to enhance their awareness of potential cybersecurity threats and ensure they take appropriate preventive measures. We ensure compliance with PRC laws and regulations, including but not limited to the Cybersecurity Law, the Personal Information Protection Law and The Cybersecurity Review Measures (2021 version). We endeavor to take appropriate measures to protect national secrets and sensitive data while ensuring that the disclosure complies with PRC restrictions on data transport. Our cybersecurity crisis management plan outlines the items, procedures and actions we will undertake in the event of a cybersecurity incident, including detection, response, mitigation and remediation. When a potential threat or incident arises, our cybersecurity incident response team, currently consisting of one cybersecurity expert, will assign a risk level classification and initiate the necessary escalation procedures outlined in our plan. All incidents that are initially assessed by the cybersecurity incident response team as potentially high-risk are escalated promptly to our Chief Financial Officer, who will determine whether and what elements of our cybersecurity crisis response and management plan should be activated, including escalation to other senior management. Our Chief Financial Officer will inform our board of directors of cybersecurity incidents, as appropriate, considering a variety of factors, including financial, operational, legal or reputational impact. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. In the event of any significant cybersecurity incidents, we will publicly disclose the nature, scope, and impact of the incident, as well as the remediation measures we implement. Risk Governance We are committed to appropriate cybersecurity governance and oversight. Our technology and cybersecurity program is the principal responsibility of our board of directors. Our board of directors will regularly review the cybersecurity policies and incident response plans to ensure the company remains vigilant against cybersecurity threats. 24 Our board of directors has oversight of our strategic and business risk management and has delegated cybersecurity risk management oversight to the Chief Financial Officer and our cybersecurity incident response team. Our board of directors are responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and to implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Management is responsible for identifying, assessing, and managing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures, maintaining cybersecurity policies and procedures, and providing regular reports to our board of directors. The company will continue to commit to maintaining high standards of cybersecurity practices to protect the interests of our customers, shareholders, and other stakeholders. We will continuously monitor the latest developments in the field of cybersecurity and update our cybersecurity and risk management framework as needed.

Company Information