Kingjims Shipping

Ethical Compliance Policy & Commitment

Ethical Compliance Policy

As a globally known liner shipping carrier, KINGJIMS SHIPPING PUBLIC LIMITED (the “Company”) commits to providing reliable worldwide shipping service. To fulfill our ambition and sustainable social responsibility as a common carrier, the Company must conduct all business in a lawful, transparent and ethical manner and comply with global Competition Law / Anti-bribery / Privacy Protection / Economic Sanction regimes. To achieve this purpose, the Company has set up a Compliance Team (the “Team”) under the Legal Department of KINGJIMS SHIPPING PUBLIC LIMITED to review all issues related to legal compliance with Competition Law / Anti-bribery / Privacy Protection / Economic Sanction regimes.

Action Plans

KINGJIMS SHIPPING PUBLIC LIMITED regularly tracks the development and amendment of all international conventions, laws and regulations and monitors their implementation. The Compliance Team will adjust the Company’s policies and procedures in response to those developments and amendments in a timely manner to ensure compliance with the laws.

  1. Competition Law Compliance: KINGJIMS SHIPPING PUBLIC LIMITED continues to audit the relevant department’s e-mail with the E-mail Auditor System on a monthly basis. We enhance all employees’ awareness of compliance through various channels such as meetings, pre-service training for new recruits, electronic bulletin boards, grievance mailboxes, and competition law notices.
  2. Anti-bribery / Anti-corruption Law Compliance: KINGJIMS SHIPPING PUBLIC LIMITED has established related operating procedures, Codes of Conduct, and guidelines for ethical management for staff to follow in day-to-day business operations. We have also taken various measures to strengthen internal business ethics, published the Integrity Policy, and requested all of our employees to comply.
  3. Personal Data Protection Law Compliance: KINGJIMS SHIPPING PUBLIC LIMITED continues to collect, process, and use customer information in accordance with relevant laws and authorizations. Controls are also in place to keep customer information strictly confidential and protected.
  4. Economic Sanction Law Compliance: KINGJIMS SHIPPING PUBLIC LIMITED continues to screen the customers, suppliers, and merchant information on bills of lading through the automatic screening system and conducts enhanced manual checks if necessary. We also actively initiate spot checks and review highly sensitive areas and high-risk cargoes subject to the development and amendment of sanction laws.
  5. Information Security Management: KINGJIMS SHIPPING PUBLIC LIMITED has established an “Information Security Management Committee” to set up information security policies, plans, measures, technical specifications, audits and coordination, to ensure integrity and confidentiality of data.

Information Security Management

To strengthen the information security management of KINGJIMS SHIPPING PUBLIC LIMITED (hereafter referred to as the company) and to ensure the security of data, information systems, financial equipment and networks, this policy specifies the company’s information security management organization, staff education and training, and guidelines for computer hardware/software, network and physical security. It applies to all colleagues, helps users carry out their operations without interruption, and ensures the security of information media in order to achieve the company’s information security goals, which are listed below:

  1. To maintain the continuous operation of the information system.
  2. To ensure the confidentiality, integrity and availability of information.
  3. To prevent the inappropriate and/or illegal use of information.
  4. To avoid incidents caused by human error.
  5. To prevent hackers and viruses etc. from infiltrating, infecting and causing damage.
  6. To maintain the security of the physical environment.

The scope of the company’s information security management includes:

  1. Information security organization and responsibilities.
  2. Information security documents and records management.
  3. Information security index management.
  4. Project information security management.
  5. Personnel safety management.
  6. Information asset and risk assessment management.
  7. Information equipment authorization and protection management.
  8. Security area management.
  9. Network and communication management.
  10. System development and maintenance management.
  11. Third party service management.
  12. Information security incident management.
  13. Business continuity management.
  14. Information security internal audit.
  15. ISMS Statement of Applicability.
  16. Implementation of information security management system.
  17. Office information operation management.
  18. IoT devices security management and control.
  19. Application system authority management.

  1. Information Security Management Committee

The information security management committee is set up to implement the company’s information security management system, to formulate information security governance development strategies and directions, to protect the confidentiality, integrity, and availability of information assets, to ensure smooth business operations and uninterrupted information services.

Information Security Management Committee Structure

    1. Information Security Management Committee: The company’s information security management policy organization.
    2. Internal Control and Audit Team: review the implementation of information security in line with the organization’s policies and procedures, to supervise audits and to implement corrective, preventive and improvement measures.
    3. Information Security Management Team: responsible for the planning, establishment, implementation, maintenance, review and continuous improvement of the information security management system, and reporting information security related issues to the information security management committee.
    4. Human Resources Team: assist the information security management committee to implement the planning and management of the company’s human resources security system.
    5. Information Security Working Team (contact person of each dept.): assist the information security management team to coordinate matters of information security management.

  1. The Information Security Management System

The company establishes, records, implements and maintains an information security management system in accordance with the requirements of the ISO/IEC 27001:2013 standard, continuously improving the effectiveness of the system. The company adopts a “Plan-Do-Check-Act” (PDCA) cycle:

  1. Planning and establishment (Plan): According to the company’s overall strategy and goals, establish an information security management organization to control potential threats and vulnerabilities, plan risk assessment, and design a control mechanism in order to establish the information security management system.
  2. Implementation and operation (Do): Based on the results of the Plan, establish or revise the proper control mechanism.
  3. Supervision and audit (Check): Supervise the implementation of various operations of the information security management system, and evaluate and audit its effectiveness.
  4. Maintenance and improvement (Act): According to the results and suggestions of supervision and audit, implement corrective measures, improve and implement the proper control mechanism to maintain the operation of the information security management system.

The company’s information security control measures are listed below:

  1. The information security management committee is set up to implement the company’s information security management system, to formulate information security governance development strategies and directions, to protect the confidentiality, integrity, and availability of information assets, to ensure smooth business operations and uninterrupted information services.
  2. Through the implementation of the information security management system, declare the determination of top management to support information security, reduce the impact of information security incidents, and continue to operate and improve the information security management system while protecting the rights and interests of the company and customers.
  3. Establish procedures for creating, amending, abolishing, announcing, storing and destroying information security documents to ensure that they are updated in a timely manner.
  4. Security control mechanisms should be considered at the initial stage of system development.
  5. Establish a business continuity plan based on business needs, and conduct regular test drills to maintain its applicability.
  6. Employees are to be granted only the authority and relevant information necessary to complete their work duties.
  7. Employees who observe or suspect a security breach, weakness or violation of security policies or procedures must report them in a timely manner.
  8. Information security procedures should be planned in advance of any project which includes issues relating to information security.
  9. Implement information security-related training and awareness every year.
  10. Regularly conduct information asset classification and risk assessment.
  11. Regularly perform information security self-inspection to maintain the effective operation of the information security management system and the implementation of control procedures.
  12. Implement network and communication security management.
  1. Software and hardware equipment

The company has invested in high-standard software and hardware equipment, including a system for automatic information security monitoring and notification. This gives full visibility into internal and external network traffic and allows dedicated personnel to intervene immediately with emergency blocking and preventive measures.

  1. Education and training

Every year, the company conducts an online (E-learning) course of “Information Security Protection Education and Training” for all employees and related companies, which covers the precautions to take when using information equipment, receiving and sending e-mails, and handling public materials. Colleagues must pass the online information security test to demonstrate that they have a complete concept of information security protection. A total of 2,462 colleagues will complete the training in 2022.

In addition, a special course on “Global Information System Integration Planning” was launched for expatriates, including information security and computer room management, issues related to system authority authorization, and an introduction to the local computer network connection structure.

  1. Social engineering drill

In 2022, the company conducted drills by sending simulated malicious emails to test colleagues. This improved colleagues’ awareness of risky emails and strengthened the concept of information security for those who had not passed the test.

The company had no information security incidents that resulted in losses in 2022.

The company introduced the ISO 27001 information security management system in 2022, and has obtained ISO 27001 certification. The current certificate is valid from December 9, 2022 to October 31, 2025.