Corporate Sustainability
Information Security and Privacy Protection
1. Mission and Policy
FY Group Limited adheres to our core information security mission: "Digital Transformation, Resilient Production, and Customer Trust." As a global leader in sofa manufacturing, we are committed to building a highly resilient security framework. Our goal is to protect core manufacturing technologies, automated production systems, and global customer data to ensure seamless business continuity.
2. Governance and Organizational Structure
To ensure the effective implementation of our Information Security Management System (ISMS), FY Group Limited has established a dedicated governance mechanism overseen by the Board of Directors:
- Information Security Executive Team: Chaired by the CEO, the team includes the Head of Information Security Officer, CFO, Head of Governance Officer, Head of Internal Audit, and Head of IT.
- Reporting Frequency: The committee meets four times per year to review policies, with the Head of Information Security Officer reporting directly to the Board of Directors.
- Three Lines of Defense:
  - First Line (Operations): Responsible for daily defense and operational self-inspections.
  - Second Line (Security Governance): Responsible for policy formulation, compliance monitoring, and risk assessment.
  - Third Line (Internal Audit): Conducts independent audits to verify the implementation of security measures.
3. Management Strategies
In response to the risks associated with digitalized production, we have implemented the following strategic initiatives:
- OT & Industrial Control Security: We deploy network isolation and antivirus solutions across our automated sofa production lines to prevent ransomware attacks from impacting capacity.
- Threat Intelligence & Monitoring: In collaboration with regional Computer Emergency Response Teams (CERT) and professional security service providers, we maintain a 24/7 threat monitoring and incident response mechanism.
- Zero Trust Architecture: Grounded in the philosophy of "Never Trust, Always Verify," we enforce Multi-Factor Authentication (MFA) and Least Privilege Access for all digital resources.
4. Employee Awareness and Training
- Social Engineering Simulations: We conduct quarterly phishing simulations, tracking click rates and providing targeted re-education for employees with high click rates.
- Security Training: Our 2025 goal is a 100% completion rate for all employees, with a focus on strengthening their ability to identify and report suspicious emails.
- Vulnerability Management: We perform quarterly vulnerability scans on internal systems and ensure timely patching of identified flaws to eliminate potential security risks.
5. Business Continuity Planning (BCP)
To mitigate risks from natural disasters (e.g., earthquakes, fires) or cyberattacks, FY Group Limited has established a robust disaster recovery framework:
- Data Backup: Implementation of off-site backup protocols to ensure data redundancy and prevent permanent data loss.
- Disaster Recovery Drills: Annual recovery drills for mission-critical systems, including Enterprise Resource Planning (ERP) and production scheduling systems, to validate recovery procedures.
- Performance Metrics:
  - Recovery Point Objective (RPO): Targeted at less than 8 hours (maximum acceptable data loss).
  - Recovery Time Objective (RTO): Targeted at less than 24 hours (maximum acceptable downtime for critical services).
6. Privacy Protection and Customer Commitment
FY Group Limited strictly complies with data protection regulations in all jurisdictions of operation (including the General Data Protection Regulation (GDPR) and local data protection laws):
- Privacy Policy: We uphold strict confidentiality regarding customer orders, design blueprints, and personal contact information, guaranteeing no unauthorized secondary use or disclosure of such data.
- Grievance Channels: Dedicated privacy protection hotlines and email addresses have been established to address stakeholder inquiries, complaints, or concerns related to privacy issues, with a response time commitment of 5 business days.
- Compliance Record: Over the past four fiscal years, FY Group Limited has maintained zero incidents of data leakage, customer privacy violations, or regulatory fines, demonstrating our commitment to privacy and compliance.
