About Us » Information Security

ProBio’s Information Security

Overview of Information Security Policy

At ProBio, we are dedicated to securing our systems and protecting data integrity, guided by the core principles of the NIST Cybersecurity Framework and ISO 27001 standards. Information security and privacy protection lay the foundation for corporate compliance and sustainable operations. Our policies ensure robust protection, thorough risk management, and continuous improvement across all our processes.

ProBio Data Security Policy

Our Data Security System covers the following areas:

Definition：We analyze organizational and industry policies to establish norms for data usage and define what constitutes sensitive data.
Identification：This involves positioning and classifying data according to its sensitivity and defining data protection levels accordingly.
Control：We enforce strict controls throughout the data lifecycle, employing policies and a management platform for meticulous authority oversight.
Supervision：Our systems ensure data is used appropriately within its intended bounds and log any unauthorized data activities for evidence and review.
Practice：We continuously monitor data, adapting our strategies to ensure operational continuity and security resilience.

In 2023, we enhanced our routine information security protocols, rigorously auditing outbound communications and data transactions. This also included improving our channels for reporting information security incidents and mitigate data leak risks:

Optimize the permission management policy for outbound emails, and disable outbound emails by default unless external communication is necessary for work
Minimize privileged accounts that are not necessary for work, and define requirements in the IT System Privileged Account Management Process
Inspect the installation of social media software across the Group, and uninstall software for those who have not applied for permission or whose permission has expired
Deploy a data backup and recovery system to prevent ransomware risks and ensure timely data recovery and business continuity

Incident Response Plan

Our structured incident management protocol includes:

Incident Discovery：Employees are required to report any observed or suspected security vulnerabilities immediately to the Information Security Department.
Security Incident Report：Discovered incidents are promptly reported by the discovering employee directly to the Information Security Department or through designated channels.
Security Incident Response：Our teams collaborate to swiftly address and mitigate any security incidents, minimizing potential impacts efficiently.

ProBio Privacy Policy

As a global biotech leader, ProBio diligently adheres to the laws and regulations governing digital assets and personal data privacy across all the countries and regions in which we operate. A cornerstone of our commitment to our customers is the protection of their privacy. To this end, we have developed a robust customer information security protection system that isolates and desensitizes personal data, thereby preventing any potential data breaches.

Collection：Minimize the collection of customer data
Use：Inform customers of the scope of data use
Deletion：Allow customers to delete personal data
Storage：Ensure safe and stable data storage

Our publicly accessible Privacy Policy articulates the foundational principles governing the collection, use, and storage of customer data, ensuring transparency and trust. We process customer data strictly to the extent necessary, minimizing it to what is reasonable and essential for our operations. Moreover, our contracts with customers incorporate specific privacy protection clauses, further securing their personal information and reinforcing our dedication to their data security.

Our ongoing efforts include the publication of the Data Security White Paper, which outlines our comprehensive data security management practices across the business and customer data lifecycle.