To continuously improve the level of network and information security and data security governance, the Industrial Bank (IB) held its 2023 Meeting of Network and Information Security Leading Group and Data Security Leading Group on October 12, 2023. The meeting reviewed the 2023 report on the implementation of IB’s network and information security as well as data security, and deployed the work for the next step. Sun Xiongpeng, member of the IB Board of Director, member of the CPC IB Committee, and Deputy Leader of the IB Leading Group, presided over the meeting, while Lyu Jiajin, Chairman of the IB Board of Directors, Secretary of the CPC IB Committee, and Leader of the IB Leading Group, delivered an important speech in the meeting.
Lyu pointed out that the CPC and the State attach great importance to the network and information security and data security work. As an important domestic bank within the Chinese banking system, network and data security are related to the long-term stability of IB. First, all IB departments and institutions should raise the ideological awareness, strengthen the organizational leadership, truly recognize the significance of network and data security in corporate development, internal management, and service for the economy, and truly put the importance of the Party committees at all levels in security work on the agenda. Second, it is necessary to consolidate the basic capacity, strengthen the system construction, establish and improve the comprehensive security system covering various fields, such as business, demand, process, research and development, operation and maintenance sectors. Third, all IB departments and institutions should give full play to professional advantages, continuously strengthen the construction of talent teams, conduct well the safety education and training work for all employees, and improve the management of branches and subsidiaries, including its overseas organizations. Fourth, all IB departments and institutions should put into real effect the supervisory inspection and analysis of representative cases, hold the person and department accountable seriously for the problems found in internal inspections, and expand the scope of publicity and warnings to raise the awareness of security responsibilities among all the employees. Fifth, all IB departments and institutions should organize the young employees to strengthen their research capacity and improve data and process standardization, and further strengthen the robustness of network and information system.
IB attaches great importance to the work of network and data security as well as privacy protection, which mainly includes the four aspects as follows:
First, IB strengthens high-level guidance and organizational guarantee in its work. Its Board of Directors effectively fulfills the supervisory responsibilities in the work of protecting network and data security and personal information, reviews the work report on IB’s protection of personal information, and conducts the thematic research on data management and security work in the front line of the Head Office departments each year. It issued two opinion-transmission letters involving privacy protection and data security in December 2022 and June 2023 respectively, and supervised the correction of the same matters. Moreover, IB sets up a network and information security work leading group and a data security work leading group, both of which are chaired by the Chairman of the Board of Directors and a director as the group leader and deputy leader respectively. The two groups are responsible for reviewing and approving IB’s network and data security strategies, plans, and major decision-making, and holding special meetings every year to study and deploy the key work of network and data security.
Second, IB improves the security level of its own business and products, promotes and establishes the impact assessment mechanism for protecting personal information and data security, embeds the privacy protection requirements into product development, business processes and system design, strictly adheres to the principle of “legality, legitimacy and necessity”, so as to minimize the collection of customers’ personal information. Meanwhile, it strengthens the application of privacy protection techniques, establishes and implements a complete network-based financial risk control system and model, and adopts differentiated security measures such as enhanced authentication and suspicious transaction blocking according to different equipment environments, business functions, usage scenarios, and transaction risk levels.
Third, IB comprehensively strengthens its supply chain management and reviews, makes regular inspections and assessments of suppliers annually, establishes an IT supplier information security access mechanism, proposes clear normative requirements for suppliers regarding data and source code security, protection of personal information and information system security in the process of purchasing and cooperating with information technology products and services, and conducts the full-process tracking supervision. Meanwhile, it actively puts into effect the supervisory inspection of cooperative institutions. Since 2022, at least 10 external cooperative institutions have been subjected to IB’s special inspections on data security, ensuring their effective fulfillment of the agreed data security obligations.
Fourth, IB continues to build a bank-wide long-term publicity and training mechanism to improve the awareness and ability of all employees in the prevention of information security risks. In 2023, IB made the mandatory placement of screensavers regarding such security publicity themes as the protection of personal information at all internal and external employee terminals of the Bank’s premises. Moreover, IB designed, produced, and distributed more than 65,000 publicity brochures on representative cases of infringing upon rights and interests of personal information (to all regular, labor dispatching and outsourced employees), further educating and alerting all its employees. Furthermore, IB conducted special targeted training on the protection of personal information and other topics for employees at the key positions of the retail line (including regular, labor dispatching and outsourced employees) to strengthen the safety education and training work.