; (2) establish a cross-check for operation of information security to prevent potential risks; (3) establish communication channels with the SEC Office, the regulatory authority for information