Futu ESOP System has received two more ISO international authoritative certifications, and its strong information security capabilities protect customers

北京时间7月3日，富途ESOP系统再次获得了由国际权威机构DNV所认证的ISO29151个人身份信息保护实践指南证书与ISO27701隐私信息管理体系证书，意味着富途ESOP系统在安全资质认证方面又跨出了重要的一步，也充分证明了着富途在系统安全建设和客户信息保护方面的强大实力。

▲ ISO29151&ISO27701证书

ISO是国际标准化组织（International Organization for Standardization）的简称，是成立于1947年的一个全球性非政府组织，在国际标准化领域有着举足轻重的地位。该组织的宗旨是在世界范围内促进标准化工作的发展，以利于国际物资交流和互助，并扩大知识、科学、技术和经济方面的合作。

作为世界上最大的国际标准化组织，ISO的主要任务是制定国际标准，协调世界范围内的标准化工作以及与其他国际性组织合作研究有关标准化问题。而ISO标准正是指由ISO组织所制定的一系列全球通用标准，涉及信息技术、交通运输、农业、保健和环境等多个领域，是国际通行的权威认证标准。

此次富途ESOP所获得的两项ISO认证分别为ISO29151个人身份信息保护实践指南认证与ISO27701隐私信息管理体系认证。

其中，ISO29151全称「ISO/IEC 29151:2017 个人身份实践保护指南」，是ISO标准委员会2017年颁布的指导组织实现隐私安全的一项国际标准。该标准描述了个人可识别身份信息（PII）安全控制措施和风险处理指南，共涵盖26个控制域，181条控制措施，适用于任何对隐私保护有需求的组织，对开展个人身份信息保护提供了一个广泛的指南。

ISO27701认证是ISO27001和ISO27002在隐私信息管理方面的扩展，也是在全球范围内具有权威性的隐私保护标准，富途是中国首批获得此类认证的互联网券商。该标准由国际标准组织（ISO）和国际电工委员会（IEC）于2019年8月联合发布，旨在帮助组织有效保护和合规处理所收集的个人信息。该标准同时会涵盖欧洲通用数据保护条例（GDPR）合规需求，而GDPR被业界公认为史上最严格的隐私保护条例。

对于ESOP系统来说，安全是第一要求。为了应对严苛的安全要求，切实保证信息数据在整个系统的传输、存储、处理过程中的安全性，富途ESOP系统设置了严格的研发流程和执行规范，具有多重安全保障。

系统安全方面，富途内部建立有效的漏洞管理流程及安全研发流程，确保系统的漏洞能够及时且有效地得到发现及解决。数据安全方面，富途将客户数据视为公司的机密信息，公司在物理层面、网络层面建立多道有效的访问控制策略，保证数据的安全。权限安全方面，富途内部建立有效的权限审核和管理流程，保证权限的生命周期中各个节点得到安全控制。并且富途建立起了有效的审计机制，确保人员操作、业务变更、系统变更的安全措施得到有效落地。

除这次获得的ISO29151和ISO27701认证之外，富途ESOP系统还获得了ISO27001信息安全管理认证与SOC1审计认证，充分证明了富途内部控制设计的合理性与实施有效性，在信息安全、业务连续性等方面有可靠的保障。

此外，富途ESOP为了保证自身系统的安全性，免遭外部入侵，选择安全圈内具有强大安全渗透测试能力的企业——腾讯云进行长期的合作，定期发现问题，保证ESOP系统快速迭代的同时，安全能力也能稳步提升。

富途ESOP业务由其企业服务品牌——富途安逸（FUTU I&E）提供，贯穿公司上市前后的全流程，包含从激励方案设计到信托税筹、数据管理、行权落地、资金回境的一站式股权激励管理服务。

全自研的前中后台系统，让富途ESOP股权激励管理灵活性更强、响应更快。在公司侧，富途提供专业高效的管理员系统，让决策者清晰掌握期权现状，便捷管理；在员工侧，可视化的数据管理系统，让员工更直接地感受到激励的价值。

富途ESOP具有万人规模的行权落地实践经验，经过多年打磨，系统稳定性与业务流程上的体验日趋极致。富途ESOP完善的内控管理、安全的运行体系和专业的技术实力可充分保障企业的数据安全和业务安全。

目前，富途安逸已签约包括腾讯、快手、贝壳、小鹏汽车、中国燃气、泡泡玛特、明源云、猎聘等超200家公司，其中10亿美金市值/估值以上的公司占比接近50%，是TMT、大消费、汽车物流、生物医药等多条赛道头部企业的不二选择。 

On July 3, Beijing time, the Futu ESOP system was once again certified by the international authority DNV.ISO29151Personal identity information protection practice guide certificate andISO27701The certificate of privacy information management system means that Futu ESOP system has taken another important step in security qualification certification, and it also fully proves the strong strength of Futu in system security construction and customer information protection.

▲ ISO29151&ISO27701 certificate

ISO is the abbreviation of the International Organization for Standardization (International Organization for Standardization). It is a global non-governmental organization founded in 1947 and plays an important role in the field of international standardization. The purpose of the organization is to promote the development of standardization work worldwide in order to facilitate international material exchange and mutual assistance, and to expand knowledge, science, technology and economic cooperation.

As the largest international standardization organization in the world, the main task of ISO is to formulate international standards, coordinate standardization work worldwide and cooperate with other international organizations to study related standardization issues. AndISO standardIt refers to theA series of global standards developed by ISOIt is an internationally accepted authoritative certification standard in many fields, such as information technology, transportation, agriculture, health care and environment.

The two ISO certifications obtained by Futu ESOP areISO29151Personal identity Information Protection practice Guide Certification andISO27701Privacy information management system certification.

Among them, the full name of ISO29151, "ISO/IEC 29151 ISO 2017 personal identity practice Protection Guide", is an international standard issued by the ISO Standards Committee in 2017 to guide organizations to achieve privacy security. The standard describes personal identifiable Information (PII) security control measures and risk handling guidelines, covering a total of 26 control domains, 181control measures, applicable to any organization that needs privacy protection, and provides a broad guide for the protection of personal identity information.

ISO27701 certificationIs an extension of ISO27001 and ISO27002 in privacy information management, as well as inAuthoritative on a global scalePrivacy protection standards based onFutu is one of the first Internet securities firms in China to obtain such certification.. The standard was jointly issued by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) in August 2019 to help organizations effectively protect and comply with the personal information collected. The standard will also cover European General data Protection regulations (GDPR) compliance requirements, and GDPR is recognized by the industry as the most stringent privacy protection rule in history.

For ESOP systems, security is the first requirement. In order to meet the stringent security requirements and ensure the security of information data in the transmission, storage and processing of the whole system, Futu ESOP system has set up strict research and development processes and implementation norms, with multiple security guarantees.

System securityOn the one hand, Fu Tu internal establishment of effective vulnerability management process and security research and development process to ensure that vulnerabilities in the system can be found and resolved timely and effectively.Data securityOn the one hand, Futu regards customer data as the company's confidential information, and the company establishes multiple effective access control policies at the physical and network levels to ensure the security of the data.Permission securityOn the other hand, an effective authority audit and management process is established within Futu to ensure that each node is safely controlled in the life cycle of permissions. And Fu Tu has established an effective audit mechanism to ensure that the security measures of personnel operation, business change and system change are effectively landed.

In addition to the ISO29151 and ISO27701 certification obtained this time, Futu ESOP system has also obtained ISO27001 information security management certification and SOC1 audit certification, which fully proves the rationality and effectiveness of Futu internal control design and implementation, and has reliable guarantee in information security, business continuity and other aspects.

In addition, in order to ensure the security of its own system and avoid external intrusion, Futu ESOP chose Tencent Cloud, an enterprise with strong security penetration testing capability in the security circle, to conduct long-term cooperation to find problems regularly to ensure that the ESOP system iterates quickly, while the security capability can also be steadily improved.

ESOP business is provided by its corporate service brand-FUTU comfort E, which runs through the whole process of the company before and after listing, including one-stop equity incentive management services from incentive scheme design to trust tax collection, data management, exercise rights landing and capital return.

The fully self-developed front, middle and background system makes the equity incentive management of Futu ESOP more flexible and responsive.On the side of the companyFutu provides a professional and efficient administrator system, which allows decision makers to clearly grasp the current situation of options and facilitate managementOn the employee sideThe visual data management system makes employees feel the value of motivation more directly.

Futu ESOP has practical experience in exercising rights and landing on a scale of ten thousand people. after years of polishing, the system stability and business process experience are becoming more and more extreme. Futu ESOP's perfect internal control management, safe operation system and professional technical strength can fully ensure the data security and business security of the enterprise.

At present, Fortuan has signed contracts with more than 200 companies, including Tencent, Kuaishou Technology, KE Holdings Inc., XPeng Inc., China Gas, Pop Mart International, Ming Yuan Cloud Group, Hunpin and so on, of which nearly 50% are companies with a market capitalization / valuation of more than US $1 billion. It is the best choice for many track head enterprises, such as TMT, big consumption, automobile logistics, biomedicine and so on.