Information Safety and Intellectual Property Protection
First and foremost, 21GCTT assumes any obligation created by the applicable laws of China and the U.S. as a company operating in both countries. Beyond the generalities of these laws, it is our company practice to sign multiple Intellectual Property Rights (IPR) Protection Agreements with our customers.
In addition, every 21GCTT employee is required to sign a Confidential Information, Inventions Assignment and Non-Competition Agreement. This agreement was drafted to be consistent with both Chinese and U.S. law, creating a legal obligation on the employee (hence 21GCTT) to protect and honor the customer’s intellectual property rights, and granting 21GCTT the right to prosecute any employee that violates those rights.
Awareness and Communication
It is essential that all aspects of information security, including confidentiality, privacy and procedures relating to system access, should be incorporated into formal staff induction procedures and conveyed to existing staff on a regular basis.
At 21GCTT, each employee, on commencement of employment, have been made aware that they must not divulge any information that they may have access to in the normal course of their employment. Our staff have also been made aware that they should not seek access to data that is not required as part of their normal duties. Our system administrators are properly trained in all aspects of system security prior to supporting these systems.
We have an internal investigation unit consisting of senior technical architects as well as the IT manager. All team members participate in this unit if there is an incident.
Leak of Information
Identification: Information Leakage is identified with checking various best-of-breed tools for e-mail, files, and systems.
Protection: To protect users from the information leakage, 21GCTT will immediate change all the related and close related access that will directly and indirectly impact by the leakage of information. A multilayered virus defense system is installed on every computer and server. 21GCTT will also work closely with the client’s IT system and team to do the same on their locations and equipments
Eradication: As soon as information leakage is identified and proven to be genuine, both client and police (IT investigation group) will be reported to and immediate investigation will be launched.
The last line of defense from the software perspective is the deployment of the policy-based contention protection by the TrendMicro eManager.
Finally, our last and one of our most important lines of defense is the continuous training provided to all our employees. Besides QA processes, service qualities, and IP protection, security is one of the top topics in our training. In addition, employees are provided with frequent refreshers on virus awareness.