登录/注册
美光科技有限公司 .董事会安全委员会章程
1. 目的
The purpose of the 安全 Committee (the “Committee”) of the Board of Directors (the “Board”) of 美光科技有限公司. (the “公司”) is to assist the Board with fulfilling its oversight responsibility with respect to the 公司’s security of personnel, 设施, 信息基础设施和所有公司信息, 包括, 但不限于, 数据治理, 隐私, 合规, 网络安全, and oversight of associated risks and other tasks related to the 公司’s security functions as the Board may delegate to the Committee from time to time.
2. 会员资格、资格和报酬
2.01. 任命. 委员会成员须由董事会委任,并由董事会酌情决定. 委员会应至少由两名董事会成员组成. 委员会成员应符合本第2节的标准.
2.02. 独立. At least a majority of Committee members shall be “independent” as defined in the listing standards of NASDAQ, 就像不时发生的那样.
2.03. 资格. Each member shall have experience in the judgment of the Board that would be useful in addressing matters delegated to the Committee.
2.04. 薪酬委员会. 费用及其他补偿, 如果有任何, 支付给委员会成员的薪酬应由董事会自行决定.
3. 委员会主席
除非董事会选出委员会主席, the members of the Committee shall designate a Chair by the majority vote of the full Committee membership.
4. 职责与责任
为了实现上述目的, the Committee shall undertake those specific duties and responsibilities listed below and such other duties as the Board may from time to time prescribe, 除非下文另有说明.
4.01. 有关某些保安事宜的职责. 公司管理层有责任管理公司的安全措施, 程序和控制. 该委员会具有监督作用, 在履行这个角色的过程中, 可以依靠管理层和委员会顾问提供的审查和报告吗. 委员会在履行其监督职责时应:
4.01.01. 风险监督. 审查并与管理层讨论(i)公司的政策, 计划, 指标, and programs relating to the physical security of the 公司’s 设施 and 员工 as well as enterprise 网络安全 and data protection risks associated with the 公司’s security-related infrastructure and related operations and (ii) the effectiveness of the 公司’s programs and practices for identifying, 评估, 在公司的业务运营中优先考虑并减轻此类风险;
4.01.02. 准备. 审查并与管理层讨论公司的网络危机准备, 安全漏洞和事件响应计划, 升级协议和通信计划, 以及灾难恢复和业务连续性能力;
4.01.03. 监督安全措施和事故. 审查并与管理层讨论用于保护机密的保障措施, 完整性, 可用性, 安全, 以及公司员工的应变能力, 设施, 知识产权, 机密信息, 以及商业运作, 审查并与管理层讨论任何重大安全事件, 包括向监管机构提交或来自监管机构的报告, 保障措施的有效性, 采取措施防止再次发生;
4.01.04. 合规监管. Receive reports from management on the 公司’s 合规 with applicable information security and data protection laws and industry standards, 新的或更新的安全法律含义, 数据隐私, 及/或公司或公司员工面临的其他监管或合规风险, 设施, 以及商业运作, 重要的相关立法和监管发展, 公司及其业务运营面临的威胁形势;
4.01.05. 战略监督. 审查公司的物理和网络安全战略并提供建议, 危机或事件管理, 以及与安全相关的信息技术规划流程, and review the strategy for investing in the 公司’s security systems with the 公司’s Chief Information Officer and Chief 安全 Officer;
4.01.06. 公开披露. 审查并与管理层讨论公司的公开披露, 包括提交给美国证券交易委员会的报告, 与公司员工的安全有关, 设施, 信息技术系统, 包括隐私, 网络安全, 数据安全;
4.01.07. 外部合作伙伴. 审查 and discuss with management the 网络安全 risks associated with the 公司’s outside partners and other third-party service providers that have access to 公司 data (such as vendors, 供应商, 业务合作伙伴, 等.), as well as policies and procedures to identify and mitigate such risks; and
4.01.08. 其他有关事项. 审查, 与管理层讨论并提出建议, 适当的, on other matters as the 委员会主席 or other members of the Committee determine relevant to the Committee’s oversight of the 公司’s security of 员工, 设施, 信息技术保护, 包括有关风险识别的管理程序, 评估, 优先级, 缓解和管理.
4.02. 向董事会提出的建议. Submit for approval recommendations to the Board with respect to any activities within the scope of the Committee’s duties set forth in this Charter that require approval of the Board.
4.03. 其他职责. Carry out such other activities within the scope of the Committee’s purpose or as the Board may from time to time delegate to it.
4.04. 董事会授权给委员会. The Board may periodically authorize the Committee to have a level of approval authority for all or certain activities within the scope of the Committee’s duties set forth in this Charter and with respect to such activities the Committee shall have the same powers and rights as the Board to authorize and approve such activities up to such level of approval authority. 对于超出委员会任何此类核准权限的活动, 委员会应向董事会提交建议以供批准.
4.05. 访问. 委员会应享有与公司管理人员的全面接触权, 员工, 书, 履行其职责所需的适当或必要的记录和设施, subject to reasonable advance notice to the 公司 and reasonable efforts to avoid disruption to the 公司’s management, 业务及运作. To avoid disruption, such requests for access shall be coordinated through the 委员会主席.
4.06. 顾问及顾问. The Committee shall have authority to obtain advice and assistance from internal or external legal, 会计, 网络安全, 取证, 技术和此类其他顾问或顾问, 委员会认为适当的, 为完成其在本协议项下的职责. The Committee will review the 公司’s third-party audit plan and results of reviews conducted by management on an annual basis.
4.07. 调查. The Committee shall have authority to conduct or authorize investigations into any matter within the scope of the duties and responsibilities delegated to the Committee as it deems appropriate.
4.08. 报告. 委员会应定期向董事会报告委员会的活动, 评估和建议, 在适当和符合本《沙巴体育结算平台》的情况下.
4.09. 向小组委员会委派的权力. The Committee shall have authority to delegate any of its responsibilities to a subcommittee or subcommittees as it may deem appropriate in its judgment. 小组委员会应遵守本宪章.
5. 会议
5.01. 会议出席人数和邀请对象. All non-management directors that are not members of the Committee may attend meetings of the Committee but may not vote. 另外, 委员会可邀请任何董事出席会议, officer of the 公司 and such other persons as 它认为是适当的,以便履行其职责. 委员会也可将任何人排除在其会议之外, 除委员会成员外, 它认为是适当的,以便履行其职责.
5.02. 会议. The Committee shall meet with such frequency and at such intervals as it shall determine necessary to carry out its duties and responsibilities, 但无论如何每年不少于四次(一般为每季度一次). The Committee may establish its own schedule, which it will provide annually to the Board in advance. The 委员会主席 or a majority of the Committee members may call meetings of the Committee. 委员会会议可通过电话和/或视频会议举行. 会议 will be held in a manner to allow all persons participating in the meeting to hear each other.
6. 分钟
委员会应保存其会议的书面记录, 哪些会议记录应与董事会会议记录一并存档.
7. 投票
Each member of the Committee shall have one vote on any matter requiring action by the Committee. 三分之一但不少于两名的委员构成法定人数. The Committee shall be authorized to take any permitted action only by the affirmative vote of a majority of the Committee members present at any duly-called meeting at which a quorum is present, 或经委员会全体成员一致书面同意. 委员会主席有权进行额外表决以解决任何联系.
8. 绩效评估
至少每年一次, 委员会应对委员会进行绩效评估, 包括审查本《沙巴体育结算平台》.
经修订和重述,2022年10月13日生效.