Fortune Valley Treasures, Inc. - (FVTI)

10-K Filing Date: April 15, 2024
Item 1C. Cybersecurity

 

Risk Management and Strategy

 

The goal of our cybersecurity risk management strategy is to protect the privacy, integrity and availability of our systems, information and data. Our subsidiaries are required to comply with rapidly evolving and complex PRC laws and regulations with respect to cybersecurity, data security and personal information protection. In response to the recent changes in the regulatory requirements, we have designed a data and information protection mechanism as part of our risk management process and efforts. The measures include the following main components: (i) enhancing data security technical measures by the introduction of an extended verification (EV) SSL certificate at the user information security technology implementation level, offering strong encryption technology and extended verification function, and providing security guarantee for online transactions; (ii) improving the technical level protection and the monitoring mechanism for data use, and for the data modules related to user information in the e-commerce platform system, using MD5 irreversible encryption for storage and display of information security sensitive fields; (iii) developing a complete personal information operating process and system and designating personnel for information security; (iv) developing a user information collection, storage and user rules and privacy agreement, following the “inform + express consent” model, informing users of the purpose, method and scope of information collection and use, as well as the channels for inquiring and correcting inaccuracies in information and data; (v) conducting assessments on technology, operational risks and system common issues, and data security governance; (vi) engaging a data security service organization to conduct an annual data security assessment and providing disclosure and updates to all stakeholders; (vii) establishing an emergency plan for personal information security incidents, which includes an emergency response mechanism for security incidents, incident impact assessment and mitigation measures, and emergency response training and drills; (viii) providing periodic training to employees; and (ix) promoting consumer data protection awareness. We have implemented and are in the process of implementing these measures.

 

Governance

 

The Company’s board of directors has oversight responsibility for the Company’s overall risk management, including cybersecurity risks, and has not delegated oversight authority for cybersecurity risks to any committee. Our management, led by our Chief Executive Officer and Chief Financial Officer, is responsible for assessing cybersecurity risks and supervising relevant personnel with respect to our efforts and measures, with the aim that we have an appropriate cybersecurity strategy to assess and manage those risks, including responding to attacks or breaches. Our Chief Executive Officer and Chief Financial Officer meet periodically with the individuals charged with day-to-day operational supervisory responsibilities regarding cybersecurity, including IT operations and infrastructure, to review and assess potential issues and any changes that need to be made to our information technology system and cybersecurity measures. Cybersecurity awareness training is provided for all employees.

 

In fiscal year 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, we face potential cybersecurity threats that, if realized, would materially affect us. These threats include but are not limited to ransomware and malware attacks, and compromised business email and other social engineering threats. Our suppliers, customers, contractors and business partners also face similar cybersecurity risks, which could have an adverse impact on our business. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, “Risk Factors - While we are not aware of any data breach in the past, future cyberattacks, computer viruses or any failure to adequately maintain security and prevent unauthorized access to our information technology system or data could result in a disruption of our business operations and materially adversely affect our reputation, financial condition and operating results.”