Risk Management and Strategy

​

We believe an effective cybersecurity program is critical to guard the confidentiality, integrity, and availability of our information systems and data residing in those systems. We have built and continue to evolve processes for assessing, identifying, and managing material risks from cybersecurity threats. We have embedded the oversight and management of cybersecurity risk within our enterprise risk management framework to help drive a company-wide culture of cybersecurity risk management, and we have established policies and procedures as well as a reporting line of governance that guide our cybersecurity risk management program.

Governance

​

Our board of directors leads cybersecurity efforts directly and plays an active role in preparing for cybersecurity challenges. Board members familiar themselves with cybersecurity risks through self-learning and delegate the task of dynamically monitoring cybersecurity to the secretary of the board, who is responsible for promptly tracking and staying informed about the dissemination of the Company’s network information. We also ensure that there is a prompt and synchronized internal exchange of network information. The board encourages all departments and employees to provide timely and convenient feedback on cybersecurity issues. Once risks are identified, they are swiftly shared and discussed to formulate response strategies. In addition, we strengthen information security education and training. In response to the continuously evolving network environment, the Company proactively shares and conducts training on the latest developments in cybersecurity. Such training helps enhance overall awareness of cybersecurity risks among our staff and, as a result, effectively prevents common cyber threats.

​

We are also registered with the UK Information Commissioner’s Office (“ICO”), which is the UK’s independent regulatory authority overseeing data protection matters under relevant laws and regulations, such as the Data Protection Act 2018 and the General Data Protection Regulation. Having completed our registration, we regularly stay updated with the latest cybersecurity news and alerts from the ICO. As part of our cybersecurity measures, our business practices also adhere to ICO standards.

​

Through the implementation of these comprehensive cybersecurity controls, we have effectively minimized significant cybersecurity risks to our operations. To date, we have not encountered any cybersecurity incidents which have affected or are reasonably likely to affect us.