Risk Management and Strategy

We have implemented robust processes for assessing, identifying and managing material risks from cybersecurity threats and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incident. We have also integrated cybersecurity risk management into our overall enterprise risk management system.

We have established a comprehensive information security framework that includes a dynamic and multi-layered cybersecurity defense system to effectively mitigate both internal and external cyber threats. We have implemented an information security emergency response mechanism, categorizing security incidents into four main types: cyber-attack incidents, malicious program incidents, information leakage incidents, and information security incidents, and developed emergency response plans for each type of incident. Our cybersecurity defense system spans multiple security domains, including network, host, and application layers. It integrates a range of security capabilities such as threat defense, continuous monitoring, in-depth analysis, rapid response, as well as strategic deception and countermeasures. Our approach to managing cybersecurity risks and safeguarding sensitive data is multi-faceted, involving technological safeguards, procedural protocols, a rigorous program of surveillance on our corporate network, ongoing internal and external evaluations of our security measures, a solid incident response plan, and regular cybersecurity training sessions for our employees. Furthermore, we have implemented a comprehensive information security monitoring system that forecasts and issues timely warnings regarding potential or ongoing information security emergencies, including cybersecurity threats. Our IT department is actively engaged in continuous monitoring of our application, platforms and infrastructure to ensure prompt identification and response to potential issues, including emerging cybersecurity threats.

We do not engage any assessors, consultants, auditors, or other third parties in connection with processes for assessing, identifying, and managing material risks from cybersecurity threats. As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.

We have implemented robust processes for assessing, identifying and managing material risks from cybersecurity threats and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incident. We have also integrated cybersecurity risk management into our overall enterprise risk management system.

We have established a comprehensive information security framework that includes a dynamic and multi-layered cybersecurity defense system to effectively mitigate both internal and external cyber threats. We have implemented an information security emergency response mechanism, categorizing security incidents into four main types: cyber-attack incidents, malicious program incidents, information leakage incidents, and information security incidents, and developed emergency response plans for each type of incident. Our cybersecurity defense system spans multiple security domains, including network, host, and application layers. It integrates a range of security capabilities such as threat defense, continuous monitoring, in-depth analysis, rapid response, as well as strategic deception and countermeasures. Our approach to managing cybersecurity risks and safeguarding sensitive data is multi-faceted, involving technological safeguards, procedural protocols, a rigorous program of surveillance on our corporate network, ongoing internal and external evaluations of our security measures, a solid incident response plan, and regular cybersecurity training sessions for our employees. Furthermore, we have implemented a comprehensive information security monitoring system that forecasts and issues timely warnings regarding potential or ongoing information security emergencies, including cybersecurity threats. Our IT department is actively engaged in continuous monitoring of our application, platforms and infrastructure to ensure prompt identification and response to potential issues, including emerging cybersecurity threats.

Our disclosure committee, which is comprised of our chief executive officer, principal financial officer and cybersecurity officer, is responsible for assessing, identifying and managing material risks from cybersecurity threats to our company and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incident. Our cybersecurity officer possesses extensive experience in information security risk management and compliance, particularly in the internet technology industry, and holds a data security capability maturity model assessor certification issued by the Guizhou Big Data Protection Engineering Research Center. Our disclosure committee reports to our board of directors on (i) a quarterly basis on updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, and (ii) on disclosure concerning cybersecurity matters in our annual report on Form 20-F.