Cyber Security and Privacy Protection

In compliance with applicable laws and regulations in countries and regions where it operates and international standards, xFusion creates and improves an effective, sustainable, and reliable cyber security and privacy protection assurance system by referring to the requirements of regulators and customers, as well as industry best practices. Additionally, xFusion actively works with governments, customers, and industry partners to address cyber security and privacy challenges. xFusion does not and will never implant backdoors into its equipment or allow others to do so. We will never illegitimately collect intelligence for any individual or organization, including government organizations, agents, and entities. xFusion is fully aware of the importance of privacy protection. We are committed to protecting personal data of our consumers, customers, suppliers, partners, employees, and other relevant entities, and we comply with all applicable privacy and personal data protection laws and regulations in countries we operate.

xFusion establishes the Compliance Management Committee (CMC) that acts as the company's highest authority on compliance management. The CMC is responsible for deciding on and approving the company's overall strategy for cyber security and privacy protection. The company appoints the Risk Control Officer (RCO) of Cyber Security and User Privacy Protection, who is responsible for leading the team to develop a cyber security and privacy protection strategy and policies, and for managing and overseeing the implementation of cyber security and privacy protection in business domains. The officer also drives communication with stakeholders such as governments, customers, suppliers, partners, and employees.

xFusion has built and implemented an end-to-end global cyber security and privacy protection assurance system crossing all domains. This system covers policies, processes, tools, technologies, and standards. xFusion takes the following key measures for cyber security and privacy protection:

• Publishing the Statement on Establishing a Global Cyber Security Assurance System and xFusion General Privacy Protection Policy to specify the company's attitude toward, general principles of, and requirements on cyber security and privacy protection.
• Urging business departments to identify cyber security and privacy protection risks based on business scenarios and high-risk groups, develop management requirements and incorporate these requirements into related business processes, and IT systems and tools.
• Establishing end-to-end cyber security and privacy protection verification systems, and regularly conducting cyber security and privacy protection measurements, inspections, and internal audits, and making management improvements to address identified issues to continuously improve xFusion's cyber security and privacy protection management.
• Organizing empowerment training and exams concerning cyber security and privacy protection for all employees, and providing special training for managers, high-risk groups, and so on. Establishing an accountability mechanism, publishing the Severity Levels and Accountability Standards for Compliance Violations, and taking disciplinary action against violators.

Statement on Establishing a Global Cyber Security Assurance System