FriendTimes Inc. has officially passed the certification of ISO/IEC 27001 Information Security Management System, achieving a new height in enterprise information security management and realizing the integration with the international mainstream model.
ISO27001 is the world's most authoritative, widely accepted, and applied system certification standard in the field of information security. Mostly applicable in the field of information security, it covers not only privacy, confidentiality, and information technology, but also legal, personnel management, materials management, and many other aspects, putting forward very specific requirements and standards for information security.
As an Internet cultural and creative enterprise, FriendTimes attaches great importance to data security and actively promotes it. To respond to the call of the national policy and ensure the smooth progress of the certification, FriendTimes has set up a special seminar group - Information Security Committee, which is specifically responsible for assessing information security risks, proposing coping strategies, supervising enterprise data security management, etc. While further strengthening its data security governance capabilities, the company continues to elevate information security to a strategic height at the group level and build an information security management system that meets international standards.
During the construction of the information security management system, FriendTimes further refined the information security workflow and related rules and regulations. Starting from confidentiality, integrity, availability, and stability, based on the four dimensions of intelligence, operation, baseline, and system, it tightly focused on 14 control domains and 35 control objectives, including asset management, access control, encryption technology, information security event management, and business continuity management, to ensure the standardized operation of the organizational system, strengthen the supervision of system operation, effectively prevent risks, improve service efficiency, and enhance the competitive advantages of the enterprise.
Taking the anti-addiction system of online games for minors as an example, FriendTimes fully accessed the national real-name authentication system, established the game age-appropriate notice system, and strictly enforced the anti-addiction requirements for minors to answer the call of the national policy. At the same time, the company set up exclusive channels, special processes, and customer service for complaints to deal with issues related to the protection of minors, and specially built the system of Parental Controls in Online Gaming for Minors to help parents jointly solve the addiction problem of minors. With the above technical means, the physical and mental health of minors can be well protected.
Starting from user privacy protection, FriendTimes has additionally checked the existing systems and processes involving information security and made a systematical improvement. In conjunction with PDCA, the data security management has been continuously optimized to apply the principles of legality, consistent authority and responsibility, user participation and security to the whole life cycle of user data, so as to further guarantee the security of user privacy. Passing the certification of the information security management system is just one critical link of the security work. Currently, FriendTimes is preparing for the certification of Level 3 Cyber Security, in an effort to be more active in promoting information security-related work, and to better protect user privacy and network and information security.
The first and permanent principle of FriendTimes is to guarantee information security and data privacy protection. In the future, with the support of the ISO/IEC 27001 Information Security Management System, FriendTimes will intensify efforts to improve information security and data protection, construct better digital systems, and effectively fulfill its social responsibility to further increase user engagement, continuously improve information security management, and strengthen risk prevention and control system. While improving competitiveness of itself, the company will provide reliable digital solutions to protect its diversified business worldwide.