|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We have established policies and processes for assessing, identifying and managing material risks from cybersecurity threats. We routinely assess material risks from cybersecurity threats that may result in adverse effects on the confidentiality, integrity, or availability of their information systems or any information residing therein.
We conduct weekly cybersecurity risk assessments and monthly data security risk assessments to identify cybersecurity and data security threats. These risk assessments are conducted by our IT team. The cybersecurity risk assessments involve internal and external security. Internally, we view all visit histories to external websites made by internal equipment connected to our network system, including personal devices such as cell phones and laptops used by employees and machines and equipment at our manufacturing plants and use a third-party software to check any potential security risks from those external visits. Externally, we use firewall to monitor and detect any port scanning conducted by third parties, which attempt to randomly scan and enter into our network and collect our data without our authorization. We use a third-party software to generate reports of visits to external websites by internal devices and visits to our network by external parties, identify each IP address and block those suspicious IP addresses to stop connections to or from them. To ensure our data security, we check and back up our data twice a month and store our data in different locations each month. We require any employees who have the need to connect to our network system when they are on a business trip outside our network to install a third-party software on their mobile devices to establish an IPsec Virtual Private Network (“VPN”) to ensure the secured and encrypted connection to our internal network.
We also conduct network stress testing to simulate high volumes of network traffic to our network system in order to test our network system function and efficiency, identify any potential performance risks or system weakness and improve our network system. The internal testing is conducted by our IT team by using a third-party software. We do not have a fixed schedule to conduct the network stress testing. Instead, we randomly conduct the testing to check our system’s actual response and evaluate our IT team’s ability to detect and respond to such incidents.
Following these risk assessments, we will upgrade, implement, and maintain reasonable safeguards to address identified risks, reasonably address any identified gaps in existing safeguards, and regularly monitor the effectiveness of our safeguards. During the fiscal year 2024, we did not identified any material risks through our risk assessments in connection with cybersecurity or data security.
We reference to the ISO 27001 standard, an international standard to manage information security, to establish and maintain a comprehensive security management system. We have implemented a series measures to provide safeguards, including but not limited to, information security management, access control, authentication requirements, data backup and recovery function. We have established the Emergency Working Group to manage the risk assessment and mitigation process.
As part of the overall risk management strategies, we also conduct cybersecurity trainings for our employees on needed basis based on the observation of their work practice and evaluation of our IT team.
During the fiscal year ended December 31, 2024 and to the date of this Annual Report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. For additional information regarding whether any risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 20-F.
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We routinely assess material risks from cybersecurity threats that may result in adverse effects on the confidentiality, integrity, or availability of their information systems or any information residing therein.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. For additional information regarding whether any risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 20-F.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Our Chief Executive Officer and/or Chief Financial Officer will annually present to the Audit Committee and the Board of Directors about the Company’s and the PRC operating entities’ cybersecurity related risk assessments and management, including but not limited to, relevant internal rules and policies, assessment of potential cybersecurity threats or risks, improvements and prevention measures. In the event that the management discovers that a material cybersecurity incident occurs, the Chief Executive Officer and/or the Chief Financial Officer will timely report such incident to the Audit Committee and the Board of Directors, with respect to material aspects, including but not limited to, the nature, scope, timing, the remedial measures and risk mitigation processes taken by us, material impacts and any prevention measures or improvements to be implemented.
Our Audit Committee is responsible to assist the Board of Directors in fulfilling its oversight responsibilities with respect to the review and assessment of our risk management, risk assessment and major risk exposures with respect to privacy and cybersecurity and information technology risks. Our Audit Committee will periodically review and discuss with the Company’s relevant officers material risks relating to data privacy, technology and information security, including cybersecurity, threats and back-up of information systems and the Company’s processes for assessing, identifying, and managing such risks, as well as the Company’s internal controls and disclosure controls and procedures relating to cybersecurity incidents.
Our Board of Directors shall (i) oversight the review and assessment of our risk management, risk assessment and major risk exposures with respect to privacy and cybersecurity and information technology risks, (ii) review the disclosure related to cybersecurity matters in our current reports or periodic reports, (iii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to us, and the relevant disclosure issues, if any, presented by our Chief Executive Officer and/or Chief Financial Officer, and (iv) review disclosure concerning cybersecurity matters in our annual report on Form 20-F presented by our Chief Executive Officer and/or Chief Financial Officer.
We have adopted the information system emergency plan to establish and improve our information security emergency response mechanisms in order to effectively prevent, promptly control and mitigate and eliminate any adverse impacts in the event of any network and information system emergencies. We classify information system incidents into three categories based on the incident causes that results in operation interruption, system shutdown or other situations: (i) attack incidents, where our information system is infected by computer viruses or illegally invaded; (ii) failure events which are caused by computer software and hardware failures, power outages, human error operations and others; and (iii) disaster events which are caused by external factors such as explosions, fires, lightning strikes, earthquakes, typhoons,. We have implemented different procedures in the event of different types of incidents. We have established the emergency working group (the “Emergency Working Group”), consisting of members from our IT team. The Emergency Working Group is responsible to monitor and identify any information system incidents, conduct initial report of identified incidents, classify incidents, initiate emergency plans and measures, organize and dispatch resources to implement measures, control and eliminate potential risks and impacts caused by any cybersecurity and data security related incidents. Afterwards, the Emergency Working Group investigates the reasons of each incident, identify existing weaknesses and risks, conduct comprehensive security check and propose and finalize the improvement measures. As of the date of this annual report, our IT team consists of 6 people, led by our IT team manager, who has over 13 years’ work experience in risk management, network management, information technology and cybersecurity with an associate degree in computer information management.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Audit Committee is responsible to assist the Board of Directors in fulfilling its oversight responsibilities with respect to the review and assessment of our risk management, risk assessment and major risk exposures with respect to privacy and cybersecurity and information technology risks. Our Audit Committee will periodically review and discuss with the Company’s relevant officers material risks relating to data privacy, technology and information security, including cybersecurity, threats and back-up of information systems and the Company’s processes for assessing, identifying, and managing such risks, as well as the Company’s internal controls and disclosure controls and procedures relating to cybersecurity incidents.
Our Board of Directors shall (i) oversight the review and assessment of our risk management, risk assessment and major risk exposures with respect to privacy and cybersecurity and information technology risks, (ii) review the disclosure related to cybersecurity matters in our current reports or periodic reports, (iii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to us, and the relevant disclosure issues, if any, presented by our Chief Executive Officer and/or Chief Financial Officer, and (iv) review disclosure concerning cybersecurity matters in our annual report on Form 20-F presented by our Chief Executive Officer and/or Chief Financial Officer.
We have adopted the information system emergency plan to establish and improve our information security emergency response mechanisms in order to effectively prevent, promptly control and mitigate and eliminate any adverse impacts in the event of any network and information system emergencies. We classify information system incidents into three categories based on the incident causes that results in operation interruption, system shutdown or other situations: (i) attack incidents, where our information system is infected by computer viruses or illegally invaded; (ii) failure events which are caused by computer software and hardware failures, power outages, human error operations and others; and (iii) disaster events which are caused by external factors such as explosions, fires, lightning strikes, earthquakes, typhoons,. We have implemented different procedures in the event of different types of incidents. We have established the emergency working group (the “Emergency Working Group”), consisting of members from our IT team. The Emergency Working Group is responsible to monitor and identify any information system incidents, conduct initial report of identified incidents, classify incidents, initiate emergency plans and measures, organize and dispatch resources to implement measures, control and eliminate potential risks and impacts caused by any cybersecurity and data security related incidents. Afterwards, the Emergency Working Group investigates the reasons of each incident, identify existing weaknesses and risks, conduct comprehensive security check and propose and finalize the improvement measures. As of the date of this annual report, our IT team consists of 6 people, led by our IT team manager, who has over 13 years’ work experience in risk management, network management, information technology and cybersecurity with an associate degree in computer information management.
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Audit Committee is responsible to assist the Board of Directors in fulfilling its oversight responsibilities with respect to the review and assessment of our risk management
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|As of the date of this annual report, our IT team consists of 6 people, led by our IT team manager, who has over 13 years’ work experience in risk management, network management, information technology and cybersecurity with an associate degree in computer information management.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We have implemented different procedures in the event of different types of incidents. We have established the emergency working group (the “Emergency Working Group”), consisting of members from our IT team. The Emergency Working Group is responsible to monitor and identify any information system incidents, conduct initial report of identified incidents, classify incidents, initiate emergency plans and measures, organize and dispatch resources to implement measures, control and eliminate potential risks and impacts caused by any cybersecurity and data security related incidents.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Chief Executive Officer and/or Chief Financial Officer will annually present to the Audit Committee and the Board of Directors about the Company’s and the PRC operating entities’ cybersecurity related risk assessments and management, including but not limited to, relevant internal rules and policies, assessment of potential cybersecurity threats or risks, improvements and prevention measures.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef