On July 3, Beijing time, the Futu ESOP system was once again certified by the international authority DNV.ISO29151Personal identity information protection practice guide certificate andISO27701The certificate of privacy information management system means that Futu ESOP system has taken another important step in security qualification certification, and it also fully proves the strong strength of Futu in system security construction and customer information protection.
▲ ISO29151&ISO27701 certificate
What is ISO?
ISO is the abbreviation of the International Organization for Standardization (International Organization for Standardization). It is a global non-governmental organization founded in 1947 and plays an important role in the field of international standardization. The purpose of the organization is to promote the development of standardization work worldwide in order to facilitate international material exchange and mutual assistance, and to expand knowledge, science, technology and economic cooperation.
As the largest international standardization organization in the world, the main task of ISO is to formulate international standards, coordinate standardization work worldwide and cooperate with other international organizations to study related standardization issues. AndISO standardIt refers to theA series of global standards developed by ISOIt is an internationally accepted authoritative certification standard in many fields, such as information technology, transportation, agriculture, health care and environment.
ISO29151 and ISO27701
The two ISO certifications obtained by Futu ESOP areISO29151Personal identity Information Protection practice Guide Certification andISO27701Privacy information management system certification.
Among them, the full name of ISO29151, "ISO/IEC 29151 ISO 2017 personal identity practice Protection Guide", is an international standard issued by the ISO Standards Committee in 2017 to guide organizations to achieve privacy security. The standard describes personal identifiable Information (PII) security control measures and risk handling guidelines, covering a total of 26 control domains, 181control measures, applicable to any organization that needs privacy protection, and provides a broad guide for the protection of personal identity information.
ISO27701 certificationIs an extension of ISO27001 and ISO27002 in privacy information management, as well as inAuthoritative on a global scalePrivacy protection standards based onFutu is one of the first Internet securities firms in China to obtain such certification.. The standard was jointly issued by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) in August 2019 to help organizations effectively protect and comply with the personal information collected. The standard will also cover European General data Protection regulations (GDPR) compliance requirements, and GDPR is recognized by the industry as the most stringent privacy protection rule in history.
Security is the first requirement of ESOP system
For ESOP systems, security is the first requirement. In order to meet the stringent security requirements and ensure the security of information data in the transmission, storage and processing of the whole system, Futu ESOP system has set up strict research and development processes and implementation norms, with multiple security guarantees.
System securityOn the one hand, Fu Tu internal establishment of effective vulnerability management process and security research and development process to ensure that vulnerabilities in the system can be found and resolved timely and effectively.Data securityOn the one hand, Futu regards customer data as the company's confidential information, and the company establishes multiple effective access control policies at the physical and network levels to ensure the security of the data.Permission securityOn the other hand, an effective authority audit and management process is established within Futu to ensure that each node is safely controlled in the life cycle of permissions. And Fu Tu has established an effective audit mechanism to ensure that the security measures of personnel operation, business change and system change are effectively landed.
In addition to the ISO29151 and ISO27701 certification obtained this time, Futu ESOP system has also obtained ISO27001 information security management certification and SOC1 audit certification, which fully proves the rationality and effectiveness of Futu internal control design and implementation, and has reliable guarantee in information security, business continuity and other aspects.
In addition, in order to ensure the security of its own system and avoid external intrusion, Futu ESOP chose Tencent Cloud, an enterprise with strong security penetration testing capability in the security circle, to conduct long-term cooperation to find problems regularly to ensure that the ESOP system iterates quickly, while the security capability can also be steadily improved.
Introduction to Futuo comfort
ESOP business is provided by its corporate service brand-FUTU comfort E, which runs through the whole process of the company before and after listing, including one-stop equity incentive management services from incentive scheme design to trust tax collection, data management, exercise rights landing and capital return.
The fully self-developed front, middle and background system makes the equity incentive management of Futu ESOP more flexible and responsive.On the side of the companyFutu provides a professional and efficient administrator system, which allows decision makers to clearly grasp the current situation of options and facilitate managementOn the employee sideThe visual data management system makes employees feel the value of motivation more directly.
Futu ESOP has practical experience in exercising rights and landing on a scale of ten thousand people. after years of polishing, the system stability and business process experience are becoming more and more extreme. Futu ESOP's perfect internal control management, safe operation system and professional technical strength can fully ensure the data security and business security of the enterprise.
At present, Fortuan has signed contracts with more than 200 companies, including Tencent, Kuaishou Technology, KE Holdings Inc., XPeng Inc., China Gas, Pop Mart International, Ming Yuan Cloud Group, Hunpin and so on, of which nearly 50% are companies with a market capitalization / valuation of more than US $1 billion. It is the best choice for many track head enterprises, such as TMT, big consumption, automobile logistics, biomedicine and so on.