Invest resources in information security management

The Company has invested the following resources to strengthen its information security management:

• Information security personnel shall participate in professional information security education and training annually.
• Designated personnel are responsible for organizing at least one internal information security training session each year.
• Vulnerability scanning is conducted at least once annually, with remediation and control measures applied to high-risk vulnerabilities.
• Social engineering simulation drills are performed at least once annually, accompanied by corresponding education and training programs.
• Recovery plans for core information and communication systems shall be rehearsed on a regular basis and adjusted accordingly based on drill outcomes.
• A server room, network infrastructure, and information security protection systems have been established at the new Xiangshan facility.