Macau New Welfare Public Bus Co., Ltd. successfully passed the initial audit of HIC Huakai ISO 27001 Information Security Management System

Recently, Macau New Welfare Public Bus Co., Ltd. successfully passed the initial audit of the ISO 27001 Information Security Management System by Shenzhen Huakai Inspection & Certification Co., Ltd.

Company Introduction

On February 21, 1952, Ho Yin and four other well-known members of society established Macau Welfare Public Bus Co., Ltd., providing public bus services until 1988. The company was succeeded and continued by Macau New Welfare Public Bus Company (hereinafter referred to as "New Welfare Company"). The company currently employs about 1,100 people and has over 500 bus vehicles. It mainly operates 32 bus routes and seasonal routes approved by the Macau SAR government, while also offering car rental services for government agencies, enterprises, schools, associations, and citizens.

New Welfare Company has incorporated daily operational management into a standardized and procedural track, implementing a quality management system since 2004 and passing the latest ISO 9001 quality management system certification in 2016. As society places increasing emphasis on information asset security, New Welfare Company has begun establishing an information management system that meets international standards, fully protecting the integrity, confidentiality, and availability of information, striving to reduce management risks and improve work efficiency.

Based on the ISO 27001 Information Security Management System standard and the characteristics of the automotive transportation industry, the HIC audit team clarified the audit criteria, scope, and methods for this system certification, and conducted a comprehensive audit of Xinfuli Company. The audit uses document traceability, process verification, and personnel interviews, focusing on verifying the effectiveness of the information security management system. When checking office equipment operation control records, the execution traces of three major measures—physical and environmental safety, communication and network security, and data backup and security management—are simultaneously confirmed to ensure traceability of equipment operating status. Then, random checks of files and personnel are conducted to verify employees' actual mastery of security awareness and emergency response skills, ultimately forming the "equipment record - measure trace - personnel capability" form A closed-loop verification system that comprehensively verifies the effectiveness of the system's operation.

During the audit, the HIC audit team pointed out shortcomings in current information security management work and offered suggestions for improvement. Enterprise leaders and personnel at all levels attached great importance and closely cooperated, fully affirming the audit team's professional capabilities and work style.

At the final meeting, the HIC audit team fully affirmed the ISO 27001 information security management system established by New Welfare Company. This system meets international standards, successfully achieves deep integration with corporate strategy and daily operations, and forms significant advantages in four major dimensions: risk assessment, access control, physical and network protection, and personnel capabilities. After a comprehensive evaluation by HIC's audit team experts, it was unanimously determined that the system elements built by Xin Welfare Company are complete and effective, meeting the requirements of the ISO 27001 standard, and we agreed to recommend certification registration.