At Tongwei, data security is not an afterthought but a foundational pillar of its global operations, integrated directly into the hardware and software that power its photovoltaic manufacturing and aquaculture businesses. The company employs a multi-layered defense strategy that spans physical infrastructure, network protocols, application development, and employee training, ensuring the integrity and confidentiality of sensitive operational data, intellectual property related to solar cell technology, and customer information. This robust framework is designed to meet and exceed international standards, including ISO/IEC 27001, creating a resilient environment against an evolving landscape of cyber threats.
Fortifying the Physical and Network Perimeter
The first line of defense begins with stringent physical security at its data centers and corporate facilities. Access is controlled via multi-factor authentication systems, including biometric scanners and personalized access cards, with 24/7 surveillance and monitoring by security personnel. Logs of all physical access attempts are maintained for a minimum of 365 days for audit trails. On the digital front, Tongwei’s network is segmented into distinct zones, such as corporate IT, manufacturing operational technology (OT), and research and development, to contain potential breaches. State-of-the-art next-generation firewalls (NGFWs) inspect over 95% of inbound and outbound traffic in real time, blocking malicious packets based on constantly updated threat intelligence feeds. Intrusion Prevention Systems (IPS) are configured with more than 50,000 unique signatures to detect and block known attack patterns, with an average threat detection time of under three seconds from initial probe to system response.
The following table outlines the core components of their perimeter security:
| Security Layer | Technology/Measure | Key Metric/Function |
|---|---|---|
| Physical Access Control | Biometric Scanners, CCTV, Security Personnel | Access logs retained for 365+ days; Zero unauthorized physical breaches in 2023. |
| Network Firewalling | Next-Generation Firewalls (NGFWs) | Real-time inspection of >95% of traffic; Blocks threats based on heuristic and signature-based analysis. |
| Intrusion Detection/Prevention | Intrusion Prevention Systems (IPS) | Database of 50,000+ signatures; Average detection and mitigation time < 3 seconds. |
| Network Segmentation | VLANs, Micro-segmentation | Isolates R&D, OT, and corporate networks to prevent lateral movement during an incident. |
Encryption: Securing Data at Rest and in Transit
Every piece of sensitive data, from proprietary PV cell efficiency formulas to customer contracts, is protected by strong encryption. For data at rest within their SQL databases and storage area networks (SANs), Tongwei utilizes AES-256 encryption, the same standard adopted by governments and financial institutions worldwide. This ensures that even if physical storage media were compromised, the data would remain unreadable. For data in transit, all communications between company servers, employee devices, and cloud services are secured using TLS 1.3. This is critical for securing remote access for engineers and sales teams, with over 98% of external data transfers being encrypted. The company manages its own Public Key Infrastructure (PKI), issuing and revoking digital certificates to authenticate devices and users, significantly reducing the risk of man-in-the-middle attacks.
Proactive Threat Management and Incident Response
Tongwei adopts a proactive “assume breach” mentality, which is operationalized through a 24/7 Security Operations Center (SOC). The SOC is staffed by a team of 15 analysts who monitor security information and event management (SIEM) systems. This SIEM aggregates and correlates over 10 million log events daily from servers, firewalls, and endpoints, using machine learning algorithms to identify anomalous behavior that might indicate a zero-day attack or an advanced persistent threat (APT). Every quarter, the company engages independent white-hat hackers to perform penetration tests on its external and internal networks. In the last fiscal year, these tests identified 42 potential vulnerabilities, all of which were patched within an average of 72 hours—well below the industry average for remediation.
The incident response plan is a living document, tested through bi-annual tabletop simulations that involve key personnel from IT, legal, and communications departments. The goal is to achieve a containment time of less than 60 minutes for any confirmed security incident, minimizing potential operational disruption and data loss.
Building a Human Firewall: The Role of People and Policy
Recognizing that technology alone is insufficient, Tongwei invests heavily in creating a culture of security awareness. Every employee, from factory floor technicians to executive leadership, undergoes mandatory cybersecurity training upon hiring and must complete quarterly refresher courses. These modules are tailored to specific roles; for example, financial staff receive in-depth training on identifying sophisticated phishing attempts that mimic vendor invoices. The effectiveness of this training is measured through simulated phishing campaigns. In 2023, the click-rate on these simulated emails dropped to just 5%, a significant improvement from 18% the previous year, demonstrating a more vigilant workforce.
Strict internal policies govern data handling. The principle of least privilege is enforced, meaning employees are granted access only to the data and systems absolutely necessary for their job functions. All data access, whether to view a file or modify a production schedule, is logged and subject to random audits by the internal compliance team. Any violation of these policies can result in disciplinary action, reinforcing the seriousness with which the company treats data stewardship.
Supply Chain and Third-Party Risk Management
As a major player in the global solar supply chain, Tongwei’s security extends to its partners and suppliers. The company has established a rigorous third-party risk management program. Before any vendor is onboarded, they must pass a security assessment that evaluates their own data protection practices, including their incident response capabilities and compliance with relevant standards. This is crucial for securing the integrated systems that connect Tongwei’s manufacturing plants with its suppliers’ logistics platforms. Contracts with partners include clear clauses outlining data security responsibilities and the right for Tongwei to conduct security audits, ensuring that the entire ecosystem maintains a high-security posture and protecting against vulnerabilities introduced through external connections.