Information Security Management System (ISMS) Policy
Last updated: April 5, 2026
1. Purpose
Footprint-AI (信誠金融科技股份有限公司) establishes this Information Security Policy to demonstrate our commitment to providing secure AI voice agent services, protecting critical information assets from internal and external threats, ensuring business continuity, and complying with applicable regulatory requirements.
2. Objectives
We aim to establish an Information Security Management System (ISMS) that conforms to international standards, ensuring our services meet the following requirements:
- Confidentiality: Ensuring information is accessible only to authorized personnel and preventing unauthorized disclosure.
- Integrity: Safeguarding the accuracy and completeness of information and processing methods, preventing unauthorized modification.
- Availability: Ensuring authorized users can access information and related assets when needed.
- Compliance: Adhering to applicable laws, regulations, and contractual obligations.
3. Policy Statement
Our information security policy statement is:
"Uninterrupted services, no data loss, no personal data breaches, and sustainable business operations."
4. Scope
This policy applies to all company personnel (including full-time employees, contract workers, interns, and partner vendors), covering the following areas:
- AI voice agent software development and testing environments
- Cloud systems and infrastructure
- Voice data processing and storage systems
- Physical office environments
- Business services and related operational processes
5. Coverage Areas
Our Information Security Management System encompasses the following management domains:
- Information security organization and management review
- Risk management
- Document and record management
- Internal audit
- Human resource security
- Asset management
- Access control
- Cryptography management
- Physical and environmental security
- Operations security
- Communications security
- System development and maintenance security
- Supplier relationship management
- Information security incident management
- Business continuity management and compliance management
6. Organization & Accountability
We clearly define the information security organization and its responsibilities to effectively promote information security management, execution, and audit activities:
- Management: Responsible for approving information security policies, providing necessary resources, and overseeing the operation of the ISMS.
- Information Security Management Representative: Responsible for promoting and coordinating the establishment, operation, and continual improvement of the ISMS.
- All Personnel: Required to comply with information security regulations and responsible for reporting information security incidents.
7. Implementation Principles
We implement the ISMS following the PDCA (Plan-Do-Check-Act) cycle:
- Plan: Establish information security policies, objectives, processes, and procedures to manage risk and improve information security.
- Do: Implement and operate the information security policies, controls, processes, and procedures.
- Check: Monitor and review ISMS performance, and conduct regular internal audits and management reviews.
- Act: Take corrective and preventive actions based on review results to continually improve the ISMS.
8. Review & Assessment
This policy is reviewed and assessed at least annually. In the event of significant changes or security incidents, it may be reviewed and revised at any time. Revisions are approved and issued by the responsible officer and communicated to all stakeholders.
9. Contact Us
For questions about this policy, please contact us at kafeido@footprint-ai.com.