Contents
Message from the Chairman 01 [Special Topic] Koal's Green 15
About This Report 03 Products and Solutions
About Koal 04
Sustainable Development Management 11
Forging a Efficient and
Digital Shield 01 Robust Operations 02
Innovation as a Driving Force 19 Corporate Governance 57
Safeguarding Customer Privacy 26 Risk and Compliance Management 63
Protecting Data Security 37 Business Ethics and Anti-Corruption 65
Sustainable Supply Chain 47 Party Leadership 67
Industry Ecosystem Development 49
Striving for a Shared Green and Low-
Prosperous Future 03 Carbon Operations 04
Diverse and Inclusive Workplace 71 Environmental Management System 89
Human Capital Development 74 Climate Change Mitigation 91
Occupational Health and Safety 84 Green Operations 95
Community Engagement 86
Appendix 99Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
Message from the Chairman
2024 marks the 20th anniversary of the ESG concept and the and resources. Through the formation of industry alliances
second year of Koal's ESG journey. Over the past two years the and joint research initiatives we aim to collectively address
Company's governance structure has undergone changes. We the growing complexity of cybersecurity threats. Our vision is
have fully embraced a paperless office system with gradual to build a new security paradigm centered on cryptographic
implementation across our six R&D centers ten delivery centers technologies and empowered by the integration of multiple
and all marketing and service locations. In addition Koal security solutions. This includes developing an autonomous
Academy has been launched extending employee benefits to and controllable cybersecurity environment grounded in
include comprehensive training programs career development cryptographic infrastructure and ultimately achieving a trusted
guidance and support for mental and physical well-being. Our interconnected and open framework for security. We will also
commitment to rural revitalization continues as we partner with deepen cooperation with universities and research institutions
Guo Dazhai Township in Fengqing County Lincang City Yunnan to cultivate more cybersecurity talent injecting new energy
Province to help promote the Qiong Ying Ancient Tree Tea" to into the industry's sustainable growth. Our goal is to build a
the wider world. We understand that ESG is a long-term journey vibrant cybersecurity community characterized by shared
one that evolves steadily from within rather than something responsibility and collective progress.that can be achieved overnight. With this in mind Koal will Direction 3: Energizing innovation within the Company to
continue to strengthen internal capabilities while focusing our support the secure upgrade of digital transformation.With
efforts in three key directions: the ongoing advancement of new quality productive forces
Direction 1: Strengthen data security governance to digital transformation is accelerating in both depth and scale
safeguard a green digital ecosystem. In today's data-driven accompanied by a growing demand for cybersecurity. We aim
era data security is not only our lifeline but also a critical to seize this opportunity to continuously drive innovation within
pillar of ESG. We must protect user data with the same rigor the Company and incorporate ESG principles into our products
as we do our financial assets. This not only involves ensuring and services. We continue to increase investment in advanced
the confidentiality integrity and availability of the data technologies such as Zero Trust architecture and AI security
but also integrating ESG principles into the management of focusing on both research and practical application. Through
Yang Wenshan Chairman of Koal Software Co. Ltd. data throughout its entire lifecycle. Koal will increase R&D ongoing innovation we aim to make breakthroughs in critical
investment in areas such as data encryption access control foundational and frontier technologies delivering smarter
and data breach prevention to establish a comprehensive more efficient and more secure solutions for businesses. At
Drawn Together by the Light on the ESG Journey Inspired Every Step of the Way data protection system—one that offers users a true sense of the same time we focus on the pain points and challenges
ease and trust. At the same time we will actively participate that enterprises face during digital transformation and offer
in the formulation of data security standards driving forward customized security services to address them. Our goal is to
industry-wide governance and contributing to a healthy green ensure robust cybersecurity throughout the transformation
digital ecosystem. In an increasingly competitive cybersecurity process enabling businesses to navigate the digital wave with
landscape we aim to stand out through real value creation and peace of mind and achieve sustainable development.Dear colleagues partners and all friends who follow and support Koal: demonstrating Koal's distinctive strengths.From the introduction of the ESG concept by the United Nations Global Compact to the release of annual In 2025 and beyond Koal will remain firmly committed to the
ESG reports by over 2000 A-share listed companies ESG has grown from a niche concept into a widely Direction 2: Advancing industry collaboration to build ESG vision and continue advancing on the path of network and
a shared future in cybersecurity.The development of the information security. Let us walk together on the path of ESG—
recognized topic in mainstream discourse which is now taking root and gaining real momentum in China. cybersecurity industry is not a solo effort of a single company guided by its light inspired with every step and dedicated to
Today the ESG we are talking about is no longer just a concept or a label but a transformation of corporate but rather requires the collective efforts of the entire industry. building a brighter future. Through these collective efforts we
strategy development and management. It genuinely helps businesses tap into their potential value and inspire At Koal we are committed to fulfilling our social responsibilities will drive the high-quality development of Koal and contribute
resilience in a highly competitive environment. under ESG collaborating with our peers to break down to a secure and trustworthy digital world for all.barriers and achieve the sharing of technology expertise
01 02Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
About This Report About Koal
This Environmental Social and Governance (ESG) report (hereinafter referred to as "the report") is publicly released by Koal Software Company Profile
Co. Ltd. (hereinafter referred to as "Koal"). This report is prepared in accordance with the principles of objectivity openness and
transparency and aims to disclose Koal’s sustainability philosophy management practices and key performance results for 2024 to Founded in March 1998 Koal Software Co. Ltd. (stock code: 603232.SH) stands as a pioneer and leader in China's information
its stakeholders. security digital trust sector. The Company went public on the main board of the Shanghai Stock Exchange in April 2017. Koal has
established 6 R&D centers and 10 delivery centers with marketing and service outlets spanning major provincial capitals across
China. The Company provides comprehensive security solutions and professional services to over 30 national ministries and
Reporting Scope commissions more than 100 state-owned and central enterprises and over 200 commercial banks. As a secretariat member of the
Infrastructure Group of the State Cryptography Administration Koal has spearheaded and contributed to the development of over
Organizational Scope: The scope of this report aligns with that of the annual consolidated financial statements of the Company. 100 relevant standards including nearly 20 national standards. The Company has been honored twice with the second prize of the
Time Range: This report covers the period from January 1 2024 to December 31 2024. Some content may be extended beyond National Science and Technology Progress Award and has garnered more than 20 National Party and Government Cryptography
this timeframe as deemed appropriate. This report is an annual report. Science and Technology Progress Awards as well as ministerial and provincial-level Science and Technology Progress Awards.Definition of Terms
For ease of expression and reading Koal Software Co. Ltd. is referred to as "Koal" "the Company" or "we" in this report.Basis of Preparation Mission Corporate Culture
This report has been compiled according to the GRI Standards by the Global Sustainability Standards Board Guidelines No.
1 of Shanghai Stock Exchange for the Self-Regulation of Listed Companies — Standardized Operation (2023) Guideline No.14 To defend digital Unity Dedication
of Shanghai Stock Exchange for the Self-Regulation of Listed Companies — Sustainability Report (Trial) Guide No.4 for Self- sovereignty and safeguard Innovation Security
Regulatory Supervision on Listed Companies of the SSE — Compilation of Sustainable Development Reports and the United the digital world Efficiency Sharing
Nations Sustainable Development Goals (SDGs).Source of Information Vision
All the information and data used in the report are sourced from the Company's official documents statistical reports
and financial statements as well as information on sustainable development practices of each that have been gathered To be a leader in cyberspace
and reviewed by the relevant functional departments of the Company. Unless otherwise specified all monetary amounts and digital asset security
mentioned in this report are measured in RMB.Assurance of Accuracy
The Company assures that this report contains no false records misleading statements or significant omissions and is
accountable for the authenticity and accuracy of its content. This report has been reviewed by the Company's Board of
Directors and is being publicly released.Report Access & Contact
The electronic version of this report is available on the Shanghai Stock Exchange website (www.sse.com.cn) and the Cninfo
website (www.cninfo.com.cn). If you have any questions regarding this report please feel free to contact us through the
following channels:
Address: Building A2 G60 Commercial Cryptography Industrial Base No. 1-7 Lane 58 Muchuan Road Sijing Town Songjiang
District Shanghai
Tel/Fax: 021-62327028/021-62327015
Email: stock@koal.com
Website: www.koal.com
03 04Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
Company Product Series
Identity Security Product Series
Western Region The identity security product series encompasses Public Key
Central Region Infrastructure (PKI) and trusted identity control platforms. The
PKI serves as a security foundation integrating digital certificate
authentication systems certificate registration systems and
collaborative signature services. It ensures confidentiality
Urumqi integrity authenticity and non-repudiation across various digital
Shenyang scenarios forming the cornerstone for building digital trust
Bohai Rim Region systems. The trusted identity control platform amalgamates PKI
Inner Mongolia Beijing Headquarters Beijing Headquarters with other identity technologies broadening the scope of identity
Beijing R&D Center management. Beyond certificate-based identities it offers
unified lifecycle management for diverse digital entities along
with multi-factor authentication access policy management
and identity risk analysis functionalities providing platform-level
support for constructing robust digital trust systems.Gansu
Xi'an Zhengzhou Data Security Product Series
Yangtze River Delta Region
Lhasa Nanjing R&D Center The data security product series incorporates fundamental
Shanghai Headquarters cryptographic components such as key management systems
Chengdu Hubei Shanghai Headquarters cryptographic machines and digital signature and verification Shanghai R&D Center
servers. It also features products like SSL VPN IPSEC VPN
application-integrated security gateways data access control
2 gateways database encryption systems and storage encryption Headquarters Hunan gateways. Additionally it includes a cryptographic service platform
Beijing Shanghai that facilitates unified management and service-oriented extension
of these components and products. Collectively this series delivers
6 end-to-end solutions for the collection transmission storage use R&D Centers Yunnan and exchange stages of the data security lifecycle serving as the
Beijing Shanghai Xi'an Chengdu Nanjing Zhengzhou Guangzhou bedrock for comprehensive data security.
4 Joint Laboratories IoT Security Product Series
Cyberspace Security Key Laboratory (Shanghai Jiao Southwest Region
Tong University) The IoT security product series is underpinned by commercial
Cryptography Application Research Key Laboratory Chengdu R&D Center cryptography guided by national standards and aims to achieve
(Shaanxi Normal University) authentic identity protocol integrity and data encryption
Xi'an R&D Center
Network Security Joint Laboratory (Jinan University) across multi-dimensional spaces including sky ground sea air
network people and objects. By implementing authentication
Network Security Technology Laboratory (Jiangsu Zhengzhou R&D Center authorization and encryption technologies in intelligent IoT
University of Science and Technology) scenarios it establishes a scalable security foundation. This
Pearl River Delta Region
enables secure and efficient interconnection in smart IoT
10 10 Delivery Centers applications prevents unauthorized access to critical information
safeguards sensitive data from breaches protects individual
Beijing Shanghai Zhengzhou Shenyang Xi'an
privacy and bolsters the overall security of smart networks.Wuhan Chengdu Urumqi Lhasa Guangzhou
05 06Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
2024 in Review
Basic earnings per share: RMB Major service/information security incidents:
0.16 share 0
R&D investment throughout Procurement material inspection pass rate:
Total assets: RMB Total employee training hours: the year: RMB
1.67 billion 97.8889 100% 9556.13million
Total employees:
Operating revenue: RMB Software re-verification rate: Greenhouse gas emission intensity:
0.529 679billion 100% 0.0209 tons of CO2
equivalent/RMB 10000 revenue
Female representation:
Net profit attributable to shareholders Customer service satisfaction rate:
of listed company: RMB
36.812198.2%21%
Total investment in public welfare/external donations: RMB
million 200000
Total tax contribution: RMB
41.9318 million
07 08Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
Honors & Memberships
Awards & Recognitions Awards & Recognitions
2023 Top Ten Leading Enterprises in Outstanding Contributing Shanghai Securities News Gold Quality Technology Innovation Award
Digital Economy Innovation Unit of the Year Shanghai Securities News
CCID Net China Academy of Information and
Communications Technology (CAICT)
2023 Award List of Outstanding Practice Cases
of National Standards on Network Security:
2023 Key Research Topic
Second Prize in Financial Sector Application
Outstanding Report
National Technical Committee 260 on
Securities Association of China
Cybersecurity of Standardization Administration
of China (TC260) Industry Association Memberships
Shanghai Commercial Shanghai Confidentiality Information Security and
Cryptography Industry Work Communications Privacy
Yinghua A-Share New Quality Productive ESG New Benchmark Association - Association - Vice Magazine - Vice
Forces Value Award Enterprise Award President Unit President Unit President Unit
China Fund News Stock Star
China State Secrets Shanghai Software Industry Shanghai Information Security
Protection Association - Association - Board Trade Association -
2024 ESG Practice Case Ranked Second in 2023 China Identity Member Unit Member Unit Board Member Unit
Guided by Shanghai United Media Authentication Market Vendor Structure
Group Jiemian News CCID Net Chinese Association for TC260 WG3 WG4 Working TC260 Big Data Working Group
Cryptologic Research Groups - Member Unit
Golden Intelligence Award for Koal's - Member Unit Member Unit
2024 Top Ten Representative Vendors Video Integrity Protection Gateway
in Commercial Cryptography Field
AQNIU.com Information Security and China Cybersecurity Shanghai Industrial Technology Shanghai Blockchain
Communications Privacy Magazine Industry Alliance Innovation Promotion Association Association
Board Member Unit Board Member Unit Board Member Unit
First to Pass CAICT Anti-Quantum Cryptography
2024 Outstanding Verification Test for Koal Anti-Quantum (PQC)
Contributing Unit Yulin Commercial Cryptography AssociationSecurity Authentication Gateway
Crypto+ Application Promotion Plan (CPII) China Academy of Information and Board Member
Communications Technology (CAICT)
09 10Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
Sustainable Development Management Stakeholder Communication
Koal attaches great importance to the opinions and concerns of its stakeholders. The Company continuously improves stakeholder
engagement mechanisms and communication channels to ensure regular interaction and enable effective stakeholder
participation in ESG governance.ESG Governance Structure
Koal places great emphasis on sustainable development management and is committed to embedding sustainability principles across all
aspects of its operations. The Company has established and continuously improved its ESG governance framework and management system Stakeholders Issues of Concern Communication Channels and Methods
formulated ESG-related policies and developed an efficient ESG management mechanism. ESG strategies are effectively integrated into
various departments and core business processes which consistently enhances top-down ESG engagement and management capabilities. Corporate governance General meeting of shareholders
The Company has built a comprehensive ESG governance framework encompassing the decision-making management and execution levels. Risk and compliance management Roadshow and performance briefing
The Board of Directors as the leadership and decision-making body for ESG affairs is responsible for reviewing and approving Koal's ESG Business ethics and anti-corruption Investor hotline and email
strategy governance framework major policies material ESG-related matters and risk response plans. Under the oversight and guidance of the R&D Innovation Engagement with small and medium
Board the ESG Committee was established chaired by the Chairman of the Board. The Committee is responsible for defining and continuously Product quality and safety shareholdersShareholders & Investors
optimizing the ESG governance structure setting key ESG strategic goals and plans reviewing the annual ESG work plans and supervising Sustainable supply chain Regular information disclosure (annual financial
their implementation. Under the ESG Committee the ESG Executive Committee has been formed to oversee the day-to-day management report ESG report WeChat official account
and implementation of ESG activities. During the reporting period Koal approved the Implementation Rules of the ESG Committee of Koal company website etc.)
Co. Ltd. and released the Announcement on the Establishment of the ESG Committee of Koal Co. Ltd. marking a significant step forward in Risk and compliance management Dedicated reception days
strengthening the Company's ESG management system. Business ethics and anti-corruption Information disclosure platform
Information security and privacy protection Government meetings and official visits
Board of Directors Climate change mitigation Regular information disclosure (annual financial
Government and Emissions and waste management report ESG report WeChat official account
Review and approve the Company's ESG strategic planning and objectives ESG governance Regulatory Bodies Product quality and safety company website etc.)
The framework and key policies. Communication with industry associations and
Decision- Review and approve material ESG matters and the Company's response strategies to major ESG- other organizations
Making Body related risks. Product quality and safety Customer satisfaction survey
Review the Company's ESG-related disclosure documents including but not limited to the annual Customer relationship management Communication with customers before during
ESG report. R&D Innovation and after sales
Information security and privacy protection Customer visits
Customers Climate change mitigation Customer reviewESG Committe
Clean technology opportunities (green Third party training
products and solutions)
Establish and continuously optimize the Company's ESG governance structure.Aligned with the Company's development strategy formulate key ESG objectives and plans review Labor and human rights management Employee activities and communication
The
the annual ESG plan and oversee its execution to ensure successful implementation. Diversity and equal opportunities Employee performance communication
Management Talent training and development Internal information communication platform
Body Supervise guide and optimize key tasks related to environmental protection social responsibility Employees Occupational Health and Safety Employee satisfaction surveyand corporate governance of the Company promoting the Company's sustainable development. Employee grievance channels
Review other major issues related to ESG
Handle other matters authorized by the Board of Directors. Product quality and safety Supplier training
Sustainable supply chain On-site audit and communication
Partners & Suppliers Climate change mitigation Regular visits
ESG Executive Committee Product quality and safety Face-to-face communication
The Information security and privacy protection Complaint hotline
Coordinate and implement the execution of assigned ESG matters.Execution Climate change mitigation Public welfare activities
Body Monitor and report on project progress and target achievement. Emissions and waste management Regular information disclosure (annual financial Community and Public
Collect and consolidate ESG-related information and data. Community engagement report ESG report WeChat official account
company website etc.)
Koal's ESG Governance Structure
11 12Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
High
Product Quality and Safety
Material Issue Management R&D Innovation
Occupational Health and Safety Information Security and Privacy Protection
Koal places high importance on and consistently refines its identification management and analysis of material issues. In 2024 Industry Ecosystem Development Addressing
the Company updated its analysis methods based on the latest disclosure standards including the Guidelines No. 14 of Shanghai Sustainable Supply Chain Climate Change Business Ethics and
Stock Exchange for the Self-Regulation of Listed Companies—Sustainability Report (Trial) the GRI Standards and the IFRS S1 Clean Technology Anti-corruption
Opportunities Human Resource Development
General Requirements for Disclosure of Sustainability-related Financial Information. Combining these with the Company's (Green Products and Diversity and Equal Opportunity
business characteristics Koal conducted a double materiality assessment comprehensively analyzing the impact of ESG issues on Solutions) Customer Relationship
the Company's finances as well as on the economy environment and society. Based on the identification results the Company Labor and Human Rights Management Management
adjusts its ESG work arrangements promptly to ensure effective implementation and optimization of ESG-related work providing
focused responses to material issues in this report. Risk and Compliance
Community Engagement Management
(Including Public Welfare Resource Utilization and Circular Economy Corporate Governance
Volunteering and Rural
Koal's Double Materiality Assessment Process for 2024 Vevitalization Support)
Emissions and Waste Management
ESG Issue Identification
With reference to macro-level policies in the regions where the Company operates and
industry-specific regulations or standards ESG issues were identified based on an analysis Low Significance of Impact on the Company’s Financial Performance High
of internal and external development trends. Both general and industry-specific material
Governance Dimension Environmental Dimension Social Dimension
issues were recognized through the following approaches: (1) referring to authoritative
domestic and international sustainability reporting guidelines and standards; (2) reviewing Material Impact
leading ESG rating frameworks and sustainability issues of concern within the industry; Risks and Opportunities Impact LevelIssues Period
(3) considering issues of shared concern among internal and external stakeholders while Inconsistent code quality and frequent security vulnerabilities may compromise system Negative Impact:
Product Short-term
also taking into account industry characteristics stage of development the Company's stability eroding user trust. highly significant;Quality and medium-term
business model and position in the value chain to identify topics of financial or impact High-quality products can enhance customer trust increase market share and provide Positive Impact: Safety long-term
materiality; and (4) incorporating expert opinions. competitive advantages. highly significant
Information Negative Impact:
Short-term Data breaches cyber attacks and evolving compliance requirements may expose the
Security highly significant;
medium-term Company to compliance risks or reputational damage.and Privacy Positive Impact:
long-term Robust internal information security measures can bolster customer confidence.Protection highly significant
Stakeholder Communication and Materiality Analysis Significant R&D investments carry inherent failure risks while rapid technological Negative Impact: Short-term
R&D advancements may lead to swift product and service obsolescence. moderately significant;
medium-term
Innovation Emerging technologies such as AI and cloud computing drive business growth complemented Positive Impact:
Research was conducted among key internal and external stakeholder groups in long-term by policy support accelerating the commercialization of technological achievements. highly significant
accordance with the principle of double materiality. Both impact materiality and Inadequate employee training and development may result in strategic and organizational
financial materiality assessments were carried out resulting in the 2024 materiality Negative Impact: Human Short-term change risks as well as increased employee turnover.matrix and the identification and prioritization of material issues for the year. moderately significant;Capital medium-term A comprehensive employee learning and talent development system will strongly support
Positive Impact:
Stakeholder participants included board members senior executives employees Development long-term the achievement of strategic goals enhance brand value and market competitiveness and highly significant
customers suppliers investors regulators media and the public. generate potential business opportunities.Instances of commercial bribery and corruption can incur significant economic costs
Business Negative
Short-term legal repercussions operational risks and reputational damage.Ethics Impact: significant;
medium-term Robust anti-bribery and anti-corruption measures help establish sound internal
and Anti- Positive Impact:
long-term management systems optimize processes and improve operational efficiency and
corruption moderately significant
transparency.Issue Confirmation and Reporting
Standardized services may fall short of meeting personalized needs potentially leading Negative
Customer Short-term
to decreased customer satisfaction. Impact: significant;
The results of impact and financial materiality assessments were integrated and Relationship medium-term Tailored services can precisely align with customer business models fostering increased Positive Impact:
reviewed through two channels: internal management and external experts. The Management long-term user loyalty. moderately significant
ESG Committee further reviewed and confirmed the findings. For material topics Growing demand for climate-friendly products and services may expose the Company to
the report provides focused disclosures covering governance strategy risk and operational risks such as downward pressure on product prices increased raw material Negative Climate
opportunity management as well as relevant indicators and targets. Medium-term costs and potential misalignment with market demands. Impact: significant;Change
long-term Development and innovation of climate-friendly products and technologies catering Positive
Mitigation
to customers with environmental protection and energy-saving needs can unlock new Impact: significant
growth opportunities.
1314
Significance of Impact on Economic
Environmental and Social SustainabilityKoal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
Real-time Monitoring and Continuous Improvement
Koal's Green Products Special
Topic Deploying monitoring systems on hardware platforms to track And Solutions real-time system utilization of cryptographic and computational components provides data support for performance optimization of
various system modules ensuring continuous reduction in overall
device energy consumption.As a leading provider of information security services Koal focuses on leveraging digital technology to enable a green
economy. The Company consistently pursues the development of eco-friendly digital technologies striving to integrate
environmental protection requirements throughout the entire product lifecycle. For new product development Koal has
adopted a strategy of "enhancing hardware performance through software optimization" offering more efficient and New Product Energy Consumption Optimization
environmentally friendly solutions to customers while reducing energy consumption and carbon emissions.After software optimization new products achieve an average energy
Intelligent Algorithms Enhance Energy Efficiency savings of 20% to 30% effectively reducing electricity consumption.The new generation of high-performance digital signature and
verification server products leveraging intelligent algorithms and other
Hardware platforms comprehensively implement instruction set optimization measures achieves a performance increase of about
optimization and performance scheduling algorithms supporting 200% in the Hygon CPU hardware environment compared to the
dynamic adjustment of hardware system parameters to achieve previous generation. This significantly improves hardware utilization
optimal performance and energy efficiency ratios. efficiency and reduces energy consumption and carbon emissions.Through intelligent algorithm optimization energy efficiency on the
Hygon CPU platform has improved by approximately 15%.Virtualization Technology Reduces Energy Consumption Case CPU Cryptographic Module — Achieving Improved Computational Efficiency per Unit
of Power Consumption
Implementing lightweight virtualization for products such as Traditional discrete "CPU + cryptographic card" security solutions face dual challenges in energy consumption and
cloud server cryptographic machines and cryptographic service environmental protection. Koal has achieved a significant improvement in cryptographic computation efficiency per unit
platform appliances allows more virtual services to run on the same of power consumption by integrating the cryptographic module into the CPU chip combined with micro-architecture level
hardware. This increases hardware utilization reduces the need for energy efficiency optimization design. Taking the SM2 algorithm as an example under the same power conditions the CPU
physical devices and lowers overall energy consumption. cryptographic module provides higher SM2 signature performance while avoiding energy efficiency degradation caused by
multiple card paralleling in ultra-high performance demand
scenarios. By eliminating independent cryptographic card
hardware PCB board material consumption is reduced
Code Structure Optimization Decreases Energy Usage simultaneously lowering energy loss and electronic waste
generation from both chip-level optimization and system-
Comprehensive code structure optimization including the level streamlining. This contributes to the construction of a
introduction of CPU affinity binding technology in core libraries comprehensive green computing system from chip-level energy
precisely allocates processor resources and optimizes memory saving to system-level environmental protection.management mechanisms. This significantly reduces processor
load and memory usage further lowering overall device energy
SM2 Signature Performance-to-Power Ratio (TPS/W)
consumption.
15 16Forging a Digital Shield
19 Innovation as a Driving Force
26 Safeguarding Customer Privacy
37 Protecting Data Security
47 Sustainable Supply Chain
Contributing to the UN SDGs
49 Industry Ecosystem Development2024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Innovation as a Driving Force Recruitment and Development of Innovative Talent
The Company constantly intensifies its
Governance Case IPD Integrated Product Development and DFX Trainingefforts to attract high-caliber scientific and
technological talent refining management
Koal upholding its mission to "defend digital sovereignty and safeguard the digital world" has consistently advanced its Integrated Product mechanisms that foster the development of In 2024 the Company conducted comprehensive training on IPD
Development (IPD) system and refined its R&D processes. In May 2024 the Company achieved CMMI Level 5 certification marking a significant research personnel. It implements sustained (Integrated Product Development) and DFX (Design for X). The training
leap in its R&D management capabilities. The Company persistently enhances its R&D management framework expands its portfolio of incentive plans for core talent and provides a primarily focused on strategies to promote DFX work and establish
innovative security product lines and positions innovation as the core driver of new growth. diverse range of online and offline professional DFX baseline models. DFX where X represents any stage in the product
During the reporting period the Company refined its R&D management structure by integrating the former Technology Center and Product skills training for R&D staff. This has culminated lifecycle such as manufacturing testing or service requires various
Business Center. All product and R&D personnel were consolidated into product line departments and the Product and Technology Committee in the establishment of a product technology functional systems to advance product development activities in
was established to oversee unified management. To further strengthen front- and back-end support for R&D the Company set up four R&D team distinguished by exceptional parallel with the R&D system. It emphasizes incorporating requirements
supporting departments: the Product and Ecosystem Management Department the Infrastructure Department the Consulting and Strategic professional expertise extensive industry from different stages and domains as early as the product requirement
Projects Department and the Innovation and Development Department. These departments work collaboratively to drive the Company's experience and robust innovative capabilities. analysis and design phases. This training initiative further enhanced
product and technology R&D efforts. This organizational and process optimization enables more effective resource integration and cross- During the reporting period the Company the collaborative development efficiency and quality across relevant
departmental collaboration fostering innovative thinking and accelerating the development of cutting-edge technologies and products. conducted over 10 specialized product departments within the Company bolstering product competitiveness
technology training sessions including and R&D capabilities.Strategy and Approach "HarmonyOS Next Development Sharing"
a series of courses on "Post-Quantum Era
Koal embraces a dual-drive strategy focusing on technology and products maintaining substantial R&D investments in emerging Cryptography Research" and foundational
technologies and products while preserving its leading position in scientific research and innovation. The Company actively training in anti-quantum algorithms.cultivates a technology innovation ecosystem that is enterprise-centric market-oriented and deeply integrates industry academia
and research. It adopts a multifaceted approach that balances independent R&D collaborative research and strategic project
acquisition with a primary focus on developing PKI and cryptographic service platforms. This approach aims to nurture new Co-building of Scientific and Technological Innovation Platforms
quality productive forces and establish robust security barriers. The Company has established six major R&D centers strategically located in Beijing Shanghai Xi'an Chengdu Nanjing and
Zhengzhou. It has also forged collaborations with multiple domestic research institutions and universities to establish four
Key Performance joint laboratories. These initiatives have resulted in the creation of high-level open scientific and technological innovation
platforms and comprehensive innovation systems accelerating technological advancement promoting industrial upgrading and
R&D investment throughout consistently contributing to industry development.the year: RMB Representing A year-on-year increase of
97.8889million 19.49 % of operating revenue 5% R&D Platforms Positioning and Functions
R&D workforce Constituting
201 29.60 8.96 % of R&D personnel professionals % of total staff hold master's degrees or higher Six R&D Six R&D centers have been established based on two key considerations: addressing the talent needs of
Centers production lines and aligning with the distribution of educational and research resources.Undertook over
Contributed to the formulation of And
4 20national standards 4 industry standards in 2024 key scientific research projects at
the national and provincial/ministerial levels Shanghai Jiao Tong University: The Cyberspace Security Key Laboratory was jointly established
Contributed to the establishment of over leveraging local academic resources in Shanghai to carry out comprehensive collaboration in the field of
Participated in the development of And network security.
20 40 20 Shaanxi Normal University: The Cryptography Application Research Key Laboratory was jointly third-party digital national standards industry standards established. Collaborating with the Xi'an R&D center and local universities it focuses on in-depth
certification centers in China Four Joint cooperative research in new cryptographic algorithms participation in national standard formulation and
Received over Laboratories research and design of industry cryptographic application solutions.Recipient of 20 Jiangsu University of Science and Technology:The Network Security Technology Laboratory was jointly 2 National Party and Government Recognized as a National Specialized established. Collaborating with the Nanjing R&D center and local Jiangsu universities it emphasizes National Science and Cryptography Science and Technology Refined Differentiated and application innovation and conducts in-depth cooperation in the field of cybersecurity.Technology Progress Awards to date Progress Awards and provincial-level Innovative (SRDI) Little Giant Jinan University:The Network Security Joint Laboratory was co-established in Guangzhou to conduct
Science and Technology Progress Awards. Enterprise. cutting-edge research on distributed identity and autonomous identity technologies.
19 202024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Case Establishment of Donghua-Koal Industry-Education Integration Base with Donghua University
Special Topic Post-Quantum Cryptography Technology
On November 5 2024 Koal and the School of
Computer Science and Technology at Donghua As a pioneer in cryptographic applications Koal has established a comprehensive ecosystem in post-quantum cryptography
University held a university-enterprise cooperation encompassing technology R&D product innovation and collaborative partnerships. The Company has forged alliances with
signing ceremony at the headquarters of the G60 universities to establish post-quantum cryptography laboratories
Commercial Cryptography Industrial Base. The driving the formulation of national standards and industrial
Donghua-Koal Industry-Education Integration implementation. It has developed a robust post-quantum
Base was officially inaugurated. Additionally cryptographic product portfolio with its security authentication
several key management personnel from Koal gateway successfully passing the PQC application system upgrade
were appointed as off-campus mentors for full- verification test conducted by the China Academy of Information
time professional graduate students at Donghua and Communications Technology.University providing project practice guidance and
collaboratively cultivating high-quality talent in In the area of In the area of In the area of ecosystem
computer science and technology. technology R&D product development collaboration
The Company integrates Quantum The Company leverages academic Koal has taken the lead in establishing
Random Number Generation (QRNG) resources to develop cutting-edge the G60 Quantum Cryptography
Advancing New Quality Productive Forces Quantum Key Distribution (QKD) cryptographic detection and situational Application Innovation Center
and other quantum cryptography awareness tools enabling closed- partnering with industry leaders to
The Company actively responds to the national initiative for developing new quality productive forces by promoting the application of R&D technologies with post-quantum loop management throughout the promote technology integration and
innovation outcomes. It focuses on next-generation PKI leveraging its cryptographic service platform as a flagship product to support new cryptographic algorithms. This lifecycle of cryptographic applications ecosystem development. In the financial
industry expansion. Leveraging its Common Building Blocks (CBB) — a cryptographic library and infrastructure platform — the Company integration forms the foundation for and effectively addressing gaps in sector it has spearheaded research on
supports four US standards and three Chinese national standards for post-quantum algorithms with core cryptographic products fully fully integrated quantum network the product line. It has successfully post-quantum cryptography innovation
equipped with post-quantum capabilities. During the reporting period the Company achieved the following innovative milestones: security and data security solutions. upgraded mainstream products in the securities industry setting a
Through unified key management with post-quantum cryptographic benchmark for the field. The Company
services it achieves seamless capabilities and introduced China's has instituted regular technical exchange
compatibility between quantum first series of fully quantum-secure forums convening university experts for
and post-quantum keys providing products including quantum-secure seminars on cutting-edge topics such
Launched the new generation KOAL- Developed a blueprint for next-generation PKI Seamlessly integrated core a robust security barrier against PKI/CA key management systems as post-quantum cryptography and
SVS digital signature and and successfully productized post-quantum cryptographic technology with quantum computing attacks for cryptographic machines and VPNs. privacy computing. Through standards
verification server. cryptographic technologies. A comprehensive Huawei's HarmonyOS NEXT business systems. The Company has also independently adaptation technology integration
range of post-quantum products was unveiled operating system promoting digital developed post-quantum and cross-domain cooperation the
at the 10th China (Shanghai) International and intelligent transformation. cryptographic cards and related Company consistently reinforces
Technology Fair (CSITF) in 2024. algorithmic products establishing its technological leadership in post-
a comprehensive post-quantum quantum cryptography delivering
cryptographic service capability. forward-looking fully quantum-secure
solutions across various industries.Actively participated in the drafting Spearheaded the drafting of the Achieved a significant milestone
of several key industry research Implementation Guidelines for as Koal's Security Authentication
outputs including the Post- Cryptographic Application and Security Gateway with Post-Quantum
Quantum Cryptography Application Assessment of Government Affairs Cryptography (PQC) Capabilities
Research Report the Cryptographic Cloud in the Government Affairs Domain became the first to pass the
Service Maturity Model and and the Implementation Guidelines post-quantum cryptography
the Web 3.0 Digital Identity for Cryptographic Application and verification test by the China
Cryptography Research Report. Security Assessment of Government Academy of Information and
Recognized as an Outstanding Service Platforms in the Government Communications Technology.Contributing Unit for the Year by Affairs Domain both of which were Won the Golden Intelligence
the China Academy of Information officially released by the Cryptography Award in China's Network
and Communications Technology. Evaluation Joint Committee of the Chinese Security and Information Industry
Association for Cryptologic Research. for the Koal's Gateway for Video
Integrity Protection.
21 222024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Case Launch of the New Generation KOAL-SVS Digital Signature and Verification Server Application Practice Based on CPU-Integrated Cryptographic Modules Showcased
Case
at the OpenAnolis Security Conference
The digital signature and verification server is a sophisticated cryptographic device that provides digital signature and
verification services based on PKI infrastructure. It employs advanced digital signature and certificate technologies to ensure Koal in strategic collaboration with Hygon Information Technology Co. Ltd. participated in the Private Session
non-repudiation and integrity protection for data forming the cornerstone of trust for data collection storage transmission for the OpenAnolis Conference 2024. At this event Koal unveiled its innovative application solution based on CPU
and sharing. Koal's new generation digital signature and verification server boasts enhanced security superior performance cryptographic coprocessor modules. The Company proactively explores technological applications and solutions for
and user-friendly operations. It comprehensively addresses both server-side and client-side digital signature and verification integrating cryptographic coprocessor modules within CPU chips. Their commercial cryptographic application built
scenarios accommodating multi-language and multi-platform application integration needs while supporting centralized on the Hygon platform features an advanced cryptographic coprocessor module designed to implement public key
management of multiple digital signature and verification servers. cryptography (SM2) hash function (SM3) symmetric cryptography (SM4) and random number generation. As of the end
Furthermore this cutting-edge product supports an expanded range of the reporting period Koal's entire product line has been successfully equipped with the capability to integrate CPU
of algorithms including SM2 RSA SM9 international ECC (13 types) cryptographic modules.and post-quantum cryptography delivering a 200% performance
improvement over its predecessor. It offers tailored signature capabilities
for diverse scenarios providing robust solutions for government affairs
finance healthcare and other sectors. With streamlined business logic
and intuitive interaction it significantly enhances usability enabling
users to effortlessly manage complex tasks.Case Empowering the Low-Altitude Economy and Building the "City in the Sky"
Koal is at the forefront of developing a comprehensive security system for the low-altitude economy leveraging cryptographic
technology as its core driver for new quality productive forces. As a founding member of the China Low-Altitude Economy
International Cooperation Alliance the Company focuses on three key directions to build a secure ecosystem: Intellectual Property Protection
Koal maintains strict adherence to key legislation including the Patent Law of the People's Republic of China the Trademark Law of the
People's Republic of China and the Copyright Law of the People's Republic of China. The Company has implemented comprehensive
policies such as the Intellectual Property Management Manual and the Company Patent Work System. A dedicated patent work
management team has been established to enhance the identification and control of intellectual property infringement risks and
safeguard intangible assets. While rigorously protecting its own intellectual property the Company ensures scrupulous respect for the
Establishing a trust service Constructing an advanced cloud- Developing a sophisticated trademarks patents copyrights and other intellectual property rights of external entities. During the reporting period the Company
system for low-altitude aircraft edge collaborative security data asset management system conducted Contract and Compliance Training which incorporated essential intellectual property content significantly enhancing
by deploying identity-aware system that implements robust that utilizes cutting-edge employees' understanding of intellectual property protection. A total of 152 trainee attendances were recorded for the specialized
devices and signal monitoring communication protection cryptographic technology for intellectual property training with a cumulative training duration of 4 hours.systems. This system enhanced through cryptographic chips precise entry and monitoring of
by AI dynamically identifies at the edge while building a low-altitude geospatial data. This Key Performance
cooperative and non-cooperative centralized cryptographic service system forms a comprehensive
aircraft precisely preventing and platform in the cloud. This asset library and establishes Granted And
controlling illegal gatherings and platform offers comprehensive network security baseline
other anomalous behaviors while services such as digital management capabilities 13 new patents 15software copyrights 2 rademark registrations
providing crucial data support for signatures and data encryption. creating a trustworthy and in 2024
cross-departmental governance. Additionally zero-trust controllable digital foundation
technology is integrated to fortify for the high-quality development Koal successfully
network security protection. of the low-altitude economy. obtained GB/T 29490- Secured a cumulative And
2013 Intellectual Property total of
Management System
certification. 84patents 197software copyrights 14 trademark registrations
23 242024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Impact Risk and Opportunity Management Safeguarding Customer Privacy
To effectively address various risks including technology development market competition intellectual property and policy and
regulatory challenges Koal has established a Product and Technology Committee. This committee strengthens the evaluation
and approval processes for technology and product development projects. Additionally four supporting departments have been
created to enhance front- and back-end support. Through cross-departmental collaboration in R&D marketing procurement and Governance
quality control the Company ensures that risk management activities are integrated throughout the entire product and technology
Koal prioritizes customer needs integrating these requirements into product technology development quality control and sales
development lifecycle. Throughout the lifecycle of R&D projects the Company closely monitors market trends technological
processes. The Company has established a collaborative response mechanism among product technology quality and sales
advancements and policy developments. It consistently conducts risk identification assessment and monitoring promptly
departments. This ensures rigorous quality and risk management throughout the product lifecycle guaranteeing high-quality
adjusting risk management strategies based on changes in internal and external environments. The Company has implemented
products while ensuring customer needs are swiftly addressed and clearly implemented across all business chain links. This
risk warning mechanisms and reporting systems to ensure that all R&D activities remain within manageable risk parameters.approach delivers superior products that satisfy customers and significantly enhances market competitiveness.Analysis of R&D Risks Response Strategies Strategy and Approach
The Company adheres to the strategic policy of "constantly meeting customer and relevant legal and regulatory requirements
Actively participate in domestic and international anti-quantum cryptography standard-setting through secure and reliable product functions and consistently improving service quality." It maintains the principle of "balancing
Technology development dynamically adjusting research directions to align with mainstream standards. product innovation with reliability and security; coordinating technology progress and quality." Koal consistently enhances
and integration risks Develop a comprehensive innovation system covering technology development productization and its quality management system strictly adheres to quality standards and provides customers with satisfactory products and
Market competition risks ecosystem collaboration. exceptional services. Concurrently the Company actively pursues a "going global" strategy focusing on expansion under the
Belt and Road Initiative. This involves providing data transaction security services for overseas customers and assisting them in
Policy and regulatory risks Conduct regular customer surveys to optimize product functionality and adaptability; implement
modular design to swiftly respond to evolving market demands. addressing technical challenges and service assurance issues.Intellectual property risks
Monitor data security regulation dynamics performing regular compliance reviews to ensure products
meet the latest policy requirements. Data Security Products and Services
Conduct patent infringement risk analysis on the technical content of R&D projects and incorporate Comprehensive Cryptographic Service Capability System
specific intellectual property legal risk review nodes in the contract approval process to identify and
mitigate IP risks. Koal has developed a comprehensive cryptographic service capability system centered around the Cryptographic Service
Platform. This "1+3" product ecosystem incorporates the Cryptographic Regulatory Platform Operations Management Platform
and Cryptographic Laboratory. The Cryptographic Service Platform is capable of managing various cryptographic devices
Indicators and Targets heterogeneously and integrating diverse cryptographic services offering a wide range of sophisticated cryptographic service
capabilities for upper-layer applications.Indicator/Target 2024 Target Achievement Status
Management Level:
Implement product manager responsibility system to restructure product and R&D
practices.Target achieved
Establish 4 new supporting departments.Merge testing and production to enhance production efficiency.Implement performance evaluation mechanism for R&D personnel.Product Level:
Focus on next-generation PKI development.Launch new version of SVS.Target achieved
Utilize cryptographic service platform as flagship product to support new industry
expansion.Deepen user data business to establish foundation for data security product line.Support Level:
Improve development efficiency across product lines by establishing Common Building
Blocks (CBB) a cryptographic library and infrastructure platform. Target achieved
Implement company-wide security testing environment.Develop consulting expert teams for key industries.
25 262024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Data Security Product System
The Cryptographic Service Platform and its components offer flexibility in tailoring and In today's digital landscape data has emerged as a critical asset for both businesses and society at large. Data security is not only
combination to meet specific requirements. They can be delivered through various vital for maintaining operational stability and corporate reputation but has also become an essential compliance requirement in
means including single machine single package all-in-one machine data center cloud an increasingly stringent regulatory environment. Recognizing this Koal has consistently positioned data security as a cornerstone
platform or cryptographic cloud. These solutions provide comprehensive cryptographic of its strategic expansion. The Company constantly invests significant resources in the deep cultivation and innovative R&D within
integration operations maintenance and regulatory functions across diverse scenarios the data security domain striving to deliver exceptional data security products and comprehensive solutions to clients worldwide.such as cloud environments big data mobile terminals IoT and AI. Koal excels in integrating cutting-edge technology with practical client needs crafting bespoke data security solutions for each
customer. To achieve this the Company has assembled a multidisciplinary R&D team. This team comprises seasoned data security
experts specialized software engineers and elite AI algorithm researchers. Their focus is on exploring the frontiers of data security
Single Machine Single Package Delivery technology and driving practical innovation resulting in breakthroughs across numerous critical technical areas. Consequently
This option offers straightforward and flexible deployment at a low cost Koal has developed a comprehensive and multi-layered data security product system that encompasses the entire data lifecycle
making it ideal for small enterprises and individual users. Its plug-and-play management providing clients with a robust data security shield.functionality enables rapid deployment and simple maintenance significantly
reducing the IT management burden.Data Lifecycle
All-in-One Machine Delivery
This solution integrates hardware and software in a ready-to-use package Collection Transmission Storage Usage Exchange Destruction
minimizing deployment time. It is particularly suitable for scenarios requiring
rapid launch operating under budget constraints or involving numerous
small-scale business applications. Data Collection Data Transmission Data Storage Data Processing Data Exchange Data Destruction
Security Security Security Security Security Security
Data Center Delivery Integrated Data Security Platform
This approach provides robust computing and storage resources capable Security Situation S e c u r i t y T h r e a t Security Capability
of handling large-scale data processing. It ensures high availability and fault Awareness System Detection System Assessment System
tolerance guaranteeing business continuity while offering ease of expansion
and management.Identity Management
Cryptographic Basic Cryptographic Identity
Authentication and
Infrastructure Service Capabilities Infrastructure
Authorization
Cloud Platform Delivery
By leveraging cloud platform advantages this method offers flexible resource
management and elastic scaling. It optimizes cost and performance while Cryptographic Service Platform
enhancing business agility and security. Public Key Infrastructure (PKI)Cryptographic Key Management
Machines System (KMS)
Identity and Access Management (IAM) System
Digital Signature and Timestamp
Verification
Cryptographic Cloud Delivery
This specialized service focuses on encryption employing advanced
technology and stringent access control to ensure the security of data
transmission and storage. It simplifies cryptographic management offering
instantly accessible cryptographic services.
2728
Reliable Data Content Supervised Cross-border Data
Trustworthy Data Circulation Traceable Data Compliance2024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Security Service System CM Financial Technology National Cryptographic Service Platform
Case
Koal has developed a comprehensive one-stop data security service capability. The process begins with in-depth consulting Construction Project
enabling clients to gain thorough insights into their data assets and precisely identify potential risks. The Company then provides Koal played a pivotal role in developing the CM Financial Technology National Cryptographic Service Platform. Adhering to
security construction integration services and product implementation services to ensure the smooth deployment of data the Central Bank's Document No. 140 compliance requirements they engineered a service platform compatible with multiple
security solutions. In terms of ongoing support Koal offers a range of data security operations services including security system vendors' financial cryptographic machines. This platform achieves unified management centralized monitoring and standardized
operations daily security maintenance and emergency response services. Regular professional assessments help enterprises cryptographic service API interfaces. The solution implements a distributed cascading architecture (one master multiple slaves
constantly optimize their security measures ensuring the continuous enhancement of data security protection capabilities. This model) incorporating collaborative signature services. It supports mobile key splitting technology and can issue digital certificates
holistic approach safeguards the digital transformation journey of enterprises. for hundreds of millions of users. The platform seamlessly integrates with existing systems such as 4A and Firefly minimizing
application modification costs through unified key interface encapsulation. Furthermore it enhances cryptographic service
Data Security situation awareness and analysis capabilities. Key components include a cryptographic service platform key management system
Operation Services
Data Security cryptographic machine adaptation module collaborative signature gateway and mobile cryptographic module. These elements
Implementation Services Service Content collectively meet the compliance and operational efficiency requirements of the financial sector.Data Security
Consulting Services Service Content Security System Operation
Daily Security Maintenance
Service Content Security Construction Emergency Response Service
Integration Service Case Shanghai Municipal Bureau of Finance Treasury Budget Integration Innovation Project
Asset Review Service Service Value In 2023 Koal began its involvement in the Shanghai Municipal Bureau of Finance's Treasury Budget Integration Innovation
Risk Assessment Service Service Value Project. This initiative aims to modernize electronic management of centralized treasury payments across municipal district
Security System Construction Strong Data Security AssuranceCustomized Solutions and town levels while adapting to innovative technologies. The project leverages domestically produced innovative products as Continuous Evolution and
Address Protection its operating platform incorporating Koal's electronic seal and digital signature security devices to safeguard electronic vouchers
Service Value Optimization Around Business NeedsCapability Gaps and data integrity. By centrally deploying electronic voucher security support components and electronic seals and utilizing
Clarify Current Data Security Status government networks alongside dedicated treasury networks the project establishes secure connections between financial
Identify Risks and Issues departments agent banks and sub-treasuries. The implementation of digital certificate-based electronic signatures and seal
Meet Regulatory Compliance technology significantly enhances the efficiency of district-level financial payments and bolsters voucher security management.Requirements
Product Quality and Safety
Product Implementation/ Ongoing Evaluation/ Building upon on the ISO 9001 Quality Management System and CMMI 5 Capability Maturity Model Integration certification Koal has formulated
Inventory Assets/Assess Risks
System Construction Continuous Optimization institutional documents such as the R&D Project Quality Assessment Measures (Draft) and Quality Management Manual. Focusing on customer
needs key areas and core processes the Company has established a comprehensive quality management system that spans the entire
product lifecycle to deliver high-quality products and services. Annual internal audits and management reviews of the quality management
system are conducted as scheduled refining existing processes and integrating new requirements into business operations. During the
reporting period Koal maintained an impeccable record with no major quality or safety-related incidents concerning its products and services.Key Performance
Achieved ISO 9001 Obtained ISO 20000 Secured CCRC Attained CMMI 5 Acquired ISO 27001
Quality Management Information Technology Information Capability Maturity Information Security
System Certification Service Management Security Service Model Integration Management System
System Certification Level 2 Certification Certification Certification
Full Lifecycle Quality Management
During the reporting period the Company undertook a comprehensive upgrade of its quality management system drawing
inspiration from the CMMI 5 model. This initiative aimed to bolster the implementation of quality management practices enhance
product quality and improve R&D and testing efficiency. The result was the establishment of a robust quality management system
that spans the entire product lifecycle encompassing requirements design coding testing production delivery and maintenance
phases. As part of this effort the Company developed the R&D Project Quality Assessment Measures (Draft). This document serves
as a supplement to the existing quality management system redefining activity requirements for each stage of R&D projects. It also
introduces corresponding assessment and incentive measures designed to foster greater employee initiative in quality-related tasks.Furthermore the Company has raised the bar for high-level requirement documentation and review processes thereby strengthening
the qualification rate of high-level requirements and enhancing overall review effectiveness.
29 302024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Product Testing and Recall
The Company has established comprehensive institutional documents including the Test Operation Guidelines and Quality and Safety
Requirements for Company Products and Software Deliverables. These documents provide clear stipulations on various aspects of
software testing including test classification objectives design steps pass criteria and primary evaluation methods. The testing regime
requires different objects to be evaluated at various stages of the software lifecycle. Notably all company products must meet internal
Requirements Design Coding security testing "Level 1" requirements before they can be cleared for delivery. During the reporting period the Company successfully
Product requirements must adhere Design processes must prioritize shipped 2512 hardware products. Each of these products underwent rigorous inspection in accordance with the checkpoints defined in All code must comply with
to principles of reasonableness efficiency and maintainability the Product Inspection Specifications prior to shipment.established standards with a
stability and accuracy aligning following CMMI templates for particular emphasis on security The Company has implemented a Non-conforming Product Control Procedure to guide the identification and control of non-conforming
with CMMI model and template outline design. design. Unit tests are mandatory products at various stages of the product lifecycle. In cases where non-conforming products are discovered after delivery to customers
writing standards throughout the A/B class projects necessitate with test cases and results or after use has commenced the Company conducts a thorough verification of the specific circumstances. Based on this assessment
product lifecycle. separate outline design meticulously recorded. a determination is made regarding whether to notify customers for a potential recall thereby preventing the unintended use or further
For system testing-related projects documentation which is subject delivery of non-conforming products. During the reporting period the Company did not experience any product recall events.These unit tests should
the involvement of testing to a "formal inspection" review. comprehensively cover key
personnel in requirement reviews elements such as test objects Quality Culture Development
is mandatory to ensure testability. inputs and outcomes. Koal actively fosters a quality-centric culture. The Company regularly conducts
quality training sessions for employees to enhance overall quality awareness and
improve management efficiency and product quality. During the reporting period
four comprehensive quality training sessions were held covering crucial topics such
as project management processes institutional document dissemination advanced
requirement writing and review techniques and sharing of best practices.Production "Integration Testing Execution Testing
Requirements and Best Practices Sharing"
The production process is Integration testing is conducted following functional acceptance with Supply Chain Quality Control themed quality training session
governed by a set of guiding A/B class projects requiring independent test cases and defect lists.documents including the Koal places significant emphasis on supply chain quality control. The Company establishes clear quality standards by signing Configuration managers are tasked with verifying delivery item compliance.Product Assembly Production the Supplier Product Quality Assurance Agreement with its suppliers. This agreement delineates specific requirements regarding
In system testing test cases must provide full coverage of requirements and
Guidelines Product Inspection quality responsibilities issue resolution processes and problem-handling procedures ensuring consistent quality throughout the
test reports are subject to review. QA personnel are responsible for checking
Specifications Product entire supply chain. Additionally Koal regularly organizes quality-related training and exchange programs with suppliers. These
the completeness of test documentation.Factory Inspection Form and initiatives enable suppliers to gain a deeper understanding of the Company's quality requirements thereby promoting overall
Product Protection Operating The Company places significant emphasis on integration testing execution quality improvement across the entire supply chain ecosystem.Instructions. Adherence to requirements to verify module functionality interface integrity data
these documents ensures the transmission accuracy and compliance with system design specifications.Key Performance
manufacture and delivery of This approach facilitates more efficient problem detection and localization.qualified products. Achieved Accumulated a total of Recorded
100 coverage of product 629.83 hours of 685 attendances in
quality training for R&D personnel. product quality training. product quality training sessions.Delivery Maintenance
Customer Relationship Management
Upon product arrival at the user site a structured process of display Regular product maintenance is
installation adaptation and debugging is carried out in accordance with conducted following management Koal prioritizes customer needs and interests constantly enhancing its service system to improve the precision and
guiding documents such as the Product Delivery Process and Implementation control documents including professionalism of customer service thereby elevating overall service quality and customer satisfaction.Plan. User satisfaction data is collected as part of this process. the Monitoring and Measuring
Equipment Control Procedures Customer Service Management
and Equipment Maintenance The Company consistently refines its internal customer service management systems clearly delineating pre-sales mid-sales
Regulations. and after-sales service processes. This comprehensive approach manages all aspects of customer service encompassing after-
sales service requests and handling hardware warranty services software defect resolution product inspection services customer
complaint management and system upgrades. The objective is to deliver high-quality efficient and flexible services with customer
satisfaction as the primary focus.
31 322024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Pre-Sales Mid-Sales After-Sales Listening to Customer Concerns
Koal prioritizes customer concerns and feedback implementing robust institutional documents such as the Koal Customer Service
Market research and customer Project implementation: Execute Customer follow-up and feedback Hotline Handling Process and Customer Service Hotline Handling Guidelines to establish a standardized customer communication
development: Identify target product production or service collection: Conduct regular follow- process. This system ensures swift response to and resolution of customer issues enhances the investigation handling tracking
customers through industry preparation according to standard ups (via phone email or on-site and supervision of customer complaints and conducts thorough post-mortem analyses of customer feedback for continuous
analysis competitive research procedures monitoring progress visits) to assess product usage and improvement. These measures guarantee timely responses to customer needs and consistently elevate customer satisfaction.and customer profiling. overseeing quality and maintaining service experience. Identify areas for
Requirements analysis and timely communication throughout improvement through satisfaction
communication: Engage in implementation. surveys and complaint analysis.thorough discussions with Logistics and delivery: Coordinate Technical support and problem Utilize multiple channels for receiving Customer service personnel Allocate complaints to
customers to clarify pain points transportation provide on-site resolution: Offer free maintenance customer complaints including or relevant department appropriate departments or
budget constraints and timeline support for installation debugging and remote technical guidance customer service hotlines emails heads conduct an initial teams based on their category
requirements. and user training to enhance the within the contract period establish and customer service platforms. assessment to determine and severity.Solution design: Develop tailored customer experience. rapid response mechanisms (e.g. Upon receipt of a complaint
whether immediate resolution
24/7 availability) and maintain customer service personnel is required or if the complaint solutions based on specific should be escalated to other
requirements. constant readiness. meticulously document all details departments.Customer relationship including the complainant's basic
maintenance: Conduct regular information specific issues raised
customer visits to bolster satisfaction. and time of complaint.The Company annually undertakes key improvement projects to optimize customer service and enhance service capabilities. Complaint Reception Preliminary Analysis Assignment
During the reporting period Koal focused on improving customer service capabilities through three main initiatives: strengthening
knowledge base construction refining key customer engagement models and enhancing ERP system process operations.Investigation and
Strengthening knowledge Refining key customer Enhancing ERP system Summary and Improvement Follow-up and Feedback Resolution
base construction engagement models process operations Summarize the complaint After implementing the solution Responsible personnel
handling process analyzing conduct follow-up assessments conduct a thorough
Delivery and maintenance personnel To ensure premium continuous The Company has comprehensively
root causes and identifying to gauge customer satisfaction investigation of the complaint
input their problem-solving methods service experience for key customers reviewed and restructured existing business
areas for improvement in the with the resolution. including understanding the
and experiences into the knowledge the Company has adopted a one- processes within the ERP system eliminating
handling process. specific circumstances and
base in real-time. Professional staff stop dedicated engagement model. unnecessary steps and streamlining
gathering relevant evidence
regularly curate the knowledge base A triad of sales manager technical procedures to ensure efficiency and
and materials.identifying effective information and manager and project manager rationality in each process. By integrating
segmenting it for use by maintenance provides ongoing service to key different business modules automated Communicate the proposed
personnel and customers before customers with each specialist data flow is achieved reducing manual solution to the customer
publication. The Company is undergoing offering tailored service solutions intervention and error rates significantly soliciting their feedback to
system upgrades with plans to based on specific customer shortening response times and markedly ensure satisfaction.implement AI technology for intelligent situations and needs ensuring improving customer service satisfaction.generative Q&A to assist maintenance prompt response and resolution of Through enhanced ERP system process
staff and customers aiming to provide customer requirements. operations the Company has achieved
enhanced service. dual improvements in communication and The Company regularly conducts customer satisfaction surveys. Following on- Key Performance
management efficiency. site customer service technical support personnel collect customer-completed
satisfaction survey forms and personally deliver them to the department manager. Customer service
The survey encompasses satisfaction with both the current service and the product. satisfaction rate
The Company emphasizes the development of professional skills and business acumen within its sales team regularly conducting After collecting this information the Company thoroughly analyzes the survey
training to enhance customer service capabilities. These sessions cover key aspects including market analysis customer needs results promptly adopting targeted improvement measures to consistently optimize
identification and after-sales service aiming to cultivate a high-quality efficient customer service team. During the reporting %products and services and enhance overall customer satisfaction. 98.2
period the Company conducted 35 customer service training sessions.
33 342024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Responsible Marketing
Koal adheres strictly to relevant laws regulations and industry norms in
its operational regions. In compliance with regulatory requirements the Total duration of responsible marketing training
Company has implemented a rigorous review process and established
a responsible marketing material review and supervision mechanism. 3248.17 hours
This ensures that all marketing materials undergo approval by authorized
management personnel before release. Products and materials provided to
customers are accompanied by certification from authoritative institutions.All customer case studies publicly display traceable customer names and Total attendance
contact information ensuring authenticity through stringent verification
processes. The products provided to customers in conjunction with other 1802
customer products form comprehensive information systems that can
only be activated for use after certification by authoritative departments
following system deployment. Furthermore the Company regularly
conducts responsible marketing training for all employees involved in
marketing activities providing guidance and mandating adherence to
approved messaging during external communications. This prevents
the dissemination of inaccurate exaggerated outdated ambiguous
or undisclosed information. During the reporting period the Company
maintained a clean record with no significant marketing-related violations.Impact Risk and Opportunity Management Indicators and Targets
Koal has implemented a multifaceted risk prevention and control system that encompasses data security product services Indicator/Target 2024 Target Achievement Status
quality management and customer response. Through systematic risk control the Company ensures the robust security support
capability of its cryptographic technology in critical sectors such as government affairs finance and national defense thereby Average defect density of submitted product test Target achieved
providing a reliable data security foundation for the development of Digital China. versions < 20/KLOC Actual average defect density: 16.96/KLOC
Analysis of Customer Target achieved
Response Strategies Training plan implementation rate ≥ 95%
Privacy Protection Risks Actual implementation rate: 100%
Target achieved
Core cryptographic technology Enhance investment in anti-quantum cryptography and national cryptographic Procurement material inspection pass rate ≥ 95%
Actual pass rate: 100%
vulnerability risks algorithm upgrades while actively participating in the formulation of industry
Product compatibility and standards (e.g. cryptographic module security testing standards) to maintain
adaptability risks technological leadership. Target achievedProduct production process error detection rate < 10%
Quality control risks Offer pre-deployment testing services on the customer side to proactively identify
Actual error detection rate: 2.05%
After-sales support and resolve adaptation issues.capability risks Reinforce product quality control throughout the entire lifecycle constantly
Target achieved
Test software reconfirmation rate ≥ 90%
improving product quality and enhancing R&D and testing efficiency. Actual reconfirmation rate: 100%
Establish industry-specific service teams to provide dedicated technical support for
key customers. Target achievedCustomer service satisfaction rate ≥ 95%
Develop a remote operation and maintenance platform leveraging AI technology Actual satisfaction rate: 98.2%
for predictive fault detection and rapid response.
35 362024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Protecting Data Security Strategy and Approach
Koal adheres to the principle of "security first prevention as a priority." Drawing upon mainstream domestic and international regulatory
requirements general information security management system standards and industry best practices the Company has established
As a pioneer and leader in China's information security digital trust sector Koal consistently enhances its internal information security a comprehensive information security and confidentiality management system. It constantly enhances its security management
management system while providing robust security protection for customers. The Company has established comprehensive framework for critical information infrastructure implementing robust information security measures across policies organization
confidentiality protocols for both employees and the organization ensuring data security for the Company and its clients. Koal has personnel infrastructure and operations. Concurrently the Company employs cutting-edge technological solutions to safeguard the
developed PKI infrastructure and created an all-encompassing information security data security and IoT security service framework. integrity and availability of internal data thus ensuring comprehensive protection of the Company's information assets.The Company has fully integrated its business systems email platforms cloud storage and other digital assets implementing Service Support System
gateway IDaaS single sign-on control. Leveraging its distinctive identity management technology and cryptographic applications Koal
comprehensively manages online business and information flows across sales procurement production customer management
Security Policy System Security Technology System
financial management and human resource functions. This enables secure remote access control in the cloud establishes a
comprehensive information security assurance system and raises employees' information security awareness fostering a safe and Security Strategy Pre-event Control
reliable information environment.Security Organization Resource Resource Authori Dynamic Trusted Resource Trusted Trusted Cryptographic
Object Management zation Control Authentication Marking Services
Asset Management
Governance In-process Protection
Koal strictly adheres to relevant laws and regulations including the Cybersecurity Law of the People's Republic of China the Data Security Data Transparent Data Data Flow Control Centralized Data Control
Law of the People's Republic of China the Personal Information Protection Law of the People's Republic of China the State Security Law Control Encryption/Decryption
of the People's Republic of China and the Measures for the Administration of Data Security in the Industry and Information Technology
Sector (Trial Implementation). The Company has formulated internal policies and management norms such as the Information Security Application Application Access Application Access Application Code
Security Authentication Control Signing
Management System Manual Network and Information Security Management System and Confidentiality Work Assessment and Reward
and Punishment System. These measures contribute to a comprehensive information security management framework and establish an Cryptographic Application Data Flow Verification Behavior Accountability
automated early warning mechanism for information security incidents safeguarding the Company's information infrastructure application Incident Management
systems products and customer data. Boundary Boundary Access Boundary Access Terminal Identity Business Continuity Security Authentication Control Authentication
Koal has established a Confidentiality Work Leading Group integrating information security and confidentiality practices into the business Management
processes of all departments. The group is led by Director Fan Feng who bears overall responsibility for the Company's information security Compliance Management Network Source Information Channel Transmission Anti-tampering of
and confidentiality efforts. Deputy leader Zhong Jian coordinates and promotes information security and confidentiality initiatives. Under Security Organization Communication Encryption Protection Transmitted Information
the Confidentiality Work Leading Group the Confidentiality Office manages daily confidentiality operations while the General Office System
oversees network and information security decision-making. Other departments are responsible for implementing information security Anti-theft of Two-way Transmission Video Encryption Establishing Security Supervision Transmission Traffic Authentication and Compression
and confidentiality measures within their respective domains ensuring a standardized orderly and efficient approach to the Company's Management System
information security management. Terminal Integrated Identity
Trusted Terminal Marking Usage Object Marking
Environment Authentication
Confidentiality Work Leading Group
Terminal Cryptographic Trusted Program Anti- Local Cryptographic
The group leader bears overall responsibility for the Company's information security and Calculation Module counterfeiting Operation Calculation Sandbox
The confidentiality efforts
Management
Oversee the implementation of information security and confidentiality work responsibility systems Post-event Response
Bodies and address critical issues in these areas.Implem
Review and approve information security and confidentiality management systems. entation Audit Detection Monitoring Auditing Tracing
Allocate human financial and material resources to support information security and Scanning Penetration Testing
confidentiality initiatives.Response Emergency Management Incident Handling
Confidentiality Office General Office and Information Group Implem Improv
entation Recoveryement Recovery Mechanism Disaster Recovery Measures Continuity
Responsible for the daily organization and Oversee decision-making and implementation
The management of confidentiality work. of network and information security measures. Security Operation System
Execution Situation Overview Risk Handling Risk Monitoring Security Enhancement
Bodies Other Functional Departments
Asset Value Cryptographic Measure Plan Situational Risk Early Decision-making
Tasked with promoting and executing information security and confidentiality practices within Management Object Identification Selection Formulation Awareness Warning Suggestions
their respective areas of operation.Security Risk Assessment Plan Implementation and Drill Risk Handling Risk Tracing Avoidance Knowledge Base
3738
CryptographicApplications Professional Definition
Cryptographic Support
Personnel Capability
Requirements
Trust System
Security Organizational
Cryptography Structure2024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Information Security Management
Furthermore the Company regularly conducts confidentiality supervision and inspections focusing on sensitive information and personnel.Network Security Management Equipment Security Management Bi-monthly self-inspections are mandated for personnel handling classified information reinforcing the importance of adhering to
The establishment of private networks by any department The Company provides computer equipment for confidentiality requirements conducting work in accordance with established protocols and avoiding disciplinary or legal violations.is strictly prohibited. Network activation is conducted internal use. Employees are required to refrain from Monthly self-inspections are scheduled for departments dealing with confidential business. Department leaders implement and inspect
solely by the Office Department following a comprehensive unauthorized exchange or disassembly of equipment confidentiality measures tailored to their specific business characteristics. Quarterly inspections are conducted on department leaders'
feasibility study. and must maintain a clean safe and optimal working
implementation of confidentiality responsibilities semi-annual checks on the confidentiality responsibility implementation of leaders
Any unauthorized modification of company IP addresses environment for all computer equipment. overseeing confidentiality and annual reviews of the General Manager's confidentiality responsibility implementation. All supervision and
or connection methods by departments or individuals is Employees must strictly adhere to safety protocols inspection results are meticulously documented in confidentiality inspection work records.strictly forbidden. Access to internal network systems by and proper usage guidelines for computer equipment
external personnel is rigorously controlled. including startup and shutdown procedures and are
held responsible for the security of the computers and Information Security Enhancement Technologies and Plans
related equipment under their use. In 2024 the Company undertook a comprehensive upgrade of its internal security protection systems significantly elevating
overall network security levels to safeguard corporate information assets. To further bolster internal information security protection
File Storage Encryption Information Confidentiality Management capabilities the Company has formulated a strategic information security enhancement plan for the upcoming year. This plan
Storage of critical company documents on the C drive Company sensitive information is managed under includes: i) further optimization of existing security strategies to address increasingly sophisticated and covert attack methods;
(including desktop) is prohibited. Such files must be the principle of "strict management tight prevention ii) regular review and update of security policies to maintain their effectiveness; iii) exploration of AI-based security tools such
regularly backed up and stored in designated department ensuring security facilitating work" with complete and as automated threat detection and response systems to enhance the intelligence level of security protection; and iv) leveraging
folders on the company file server with each department secure handover procedures enforced at every stage machine learning and big data analysis technologies to improve the accuracy and response speed of threat detection.overseeing review and security management. Information transmission must be carried out by
Upon an employee's departure the department head is designated personnel in accordance with established
responsible for transferring all work-related materials to the protocols. Transmission through ordinary postal or courier
appropriate department folder services is strictly prohibited. Enhancing Monitoring and Traceability Strengthening Internal Network Isolation
Encryption is mandatory for files containing sensitive Prior to leaving their position or the Company employees Deploy XDR systems and increase honeypot nodes:
information. Electronic versions of company certificates are required to return all classified materials. Further exit Implement comprehensive monitoring of internal
Delineate network access security zones: Strategically
official letters and other critical documents must include procedures can only be initiated after confirmation of business systems and office computers through XDR relocate relevant network security access devices to
explanatory watermarks or purpose annotations. Individuals complete return. system deployment for rapid intrusion detection. XDR designated security zones and apply more stringent
responsible for improper handling or usage resulting in The destruction of classified materials must be supervised systems provide holistic security event detection and network policies.information leaks or losses will be held fully accountable. by at least two individuals and processed at designated response capabilities swiftly identifying potential Restrict high-risk port usage: Prohibit the use of
secure locations. threats through automated analysis and correlation. commonly vulnerable and virus-prone ports such as
Strengthen behavior auditing: Enable transparent 139 445 3389 etc.Information Security Certification and Audit terminal IP functionality for internal wireless networks Enhance basic protection of internal systems:
The Company actively pursues the development and implementation of robust information security management systems and and remote access VPNs. Integrate access logs of critical Strengthen SSH configurations across systems avoid
qualification certifications. As of the end of the reporting period the Company has successfully obtained ISO 27001 Information business systems and DMZ demonstration systems into using default ports and disable unnecessary services
Security Management System certification and two confidentiality qualifications. a centralized log audit system. Continuous monitoring (e.g. tcpforward). Implement robust IP whitelist
mechanisms for core systems to strictly control access
In compliance with the Measures for the Administration of Integrated Qualifications for Classified Information Systems and and analysis of terminal behavior enable real-time
permissions and mitigate the risk of lateral movement.Confidentiality Standards for Integrated Qualifications for Classified Information Systems the Company conducts regular and ad- detection and alerts for anomalous activities.hoc information security and confidentiality inspections through self-examination and in cooperation with regulatory checks. A
comprehensive audit of all information security and confidentiality matters is completed bi-annually. Additionally the Company
undergoes aperiodic external inspections of information security by third parties including government agencies. During the Reducing Attack Surface Optimizing Rapid Response
reporting period the Company conducted two internal information security audits.Minimize external network mapping ports: Deploy WAF systems: Protect OA portals remote access
Special Information Security Review by the Network Security Corps of Systematically close long-unused temporary ports and other critical systems from common Web attacks
Case
Shanghai Public Security Bureau and implement stringent source IP and validity period such as SQL injection and cross-site scripting (XSS)
restrictions for newly opened temporary ports. Regularly ensuring comprehensive Web application security.In September 2024 Koal underwent a specialized information security inspection conducted by the Network Security Corps of review and update port mapping policies to ensure only
Shanghai Public Security Bureau. The inspection focused on two critical areas: network security and supply chain integrity. It involved necessary ports are exposed externally.an in-depth analysis of the Company's network architecture data protection systems and information exchange processes across
Phase out legacy systems: Eliminate obsolete network
various supply chain stages to precisely identify potential vulnerabilities. In response to issues identified in network security and supply
devices like OpenVPN and WireGuard that are no longer
chain aspects the Company established a dedicated remediation team. This team rigorously adhered to the requirements outlined
maintained and uniformly migrate to 7-series security
in the remediation report issued by the Network Security Corps to develop comprehensive improvement plans. Key personnel were
authentication gateways and IPSec VPN gateways to
actively assigned to attend meetings at the Network Security Office to stay abreast of the latest requirements ensuring precise and
enhance overall system security and stability.effective remediation efforts to foster a secure stable and efficient operational environment.
39 402024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Development of Information Security Culture Privacy and Data Security
The Company enhances employees' information security awareness and fosters a robust corporate information security culture Koal adheres to the principle of "minimal data collection" systematically storing customer information in a robust ERP system. This
through various channels including educational campaigns training sessions reports and knowledge competitions. Furthermore approach is integrated with the Company's internal information security management system ensuring both data integrity and
the Company integrates confidentiality education into its comprehensive training plan disseminating crucial confidentiality confidentiality. The system incorporates role-based access controls applies data masking techniques to critical customer information
knowledge and analyzing current confidentiality work situations during these sessions. This helps employees heighten their and utilizes cryptographic products certified for commercial confidentiality detection to provide multi-layered protection.awareness clarify their responsibilities and strengthen their commitment to confidentiality. The Company regularly conducts
confidentiality examinations to evaluate training effectiveness enabling employees to gauge their understanding of confidentiality-
related knowledge and incorporate confidentiality practices into their daily work routines. During the reporting period the
Company conducted four information security and confidentiality training sessions.The Company employs a strategic combination of full and incremental backup methodologies
Key Performance
Data Backup to perform regular backups of data across all critical systems. This includes internal network
Total duration of information Total attendance in information infrastructures operational platforms portal websites corporate email servers and ERP
security training security training systems to ensure optimal data recovery capabilities in the event of system failures.
338 hours 98
Backed-up data files are subject to stringent safeguards to prevent unauthorized copying
For new employees the Company provides comprehensive confidentiality awareness training requiring them to pass a Data Flow Control or destruction. The extraction of databases from the system without proper authorization
confidentiality entry exam before commencing employment. New hires are also obligated to sign confidentiality agreements is strictly prohibited.which explicitly prohibit the disclosure of any information related to company business and clients. Business personnel are strictly
forbidden from disclosing customer information work notes reports quotations invoices and labor contracts. Developers and
implementation staff are prohibited from revealing source code system design documents database structures and data. During
the reporting period the Company organized a company-wide specialized confidentiality training program themed "Strengthening
Confidentiality Awareness Building a Solid Security Defense Line." The final assessment following the training yielded an The system supports encrypted storage for sensitive data fields encompassing personal
impressive average score of 97 points across all employees significantly enhancing the confidentiality awareness and information Encrypted Storage information sensitive personal information and enterprise-critical data.security protection capabilities of the entire workforce.Data Privacy Protection Awareness Authentication and Access Management Awareness
Employees are educated on the purpose of regular Employees are instructed that their digital
training which is to enhance their understanding of certificates are vital symbols of identity and must
data privacy protection and the critical importance be diligently safeguarded to prevent unauthorized
of safeguarding information security. They are access. They are made to understand that system
encouraged to internalize and implement the permissions for different positions are preset and
concept of protecting customer data privacy and they should only access information and resources
security while providing services. within their authorized scope.Project Information Confidentiality Awareness Proactive Knowledge Maintenance and Updates
Employees are thoroughly educated on the Through regular and comprehensive training
sensitivity of all project-related information employees are kept abreast of the latest security
(including project contracts proposals data policies and best practices. They are also taught
working papers and reports) and that access is how to effectively apply this knowledge to enhance
restricted to employees with appropriate credentials work efficiency while maintaining security.and permissions. For classified projects employees
are made acutely aware of the crucial role of
the Confidentiality Office and the importance of
implementing stringent confidentiality requirements
throughout the entire project lifecycle.
41 422024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Product Lifecycle Security Management Impact Risk and Opportunity Management
The Company integrates rigorous information security requirements throughout the entire product development and design
process. This establishes a comprehensive information security management system that spans the full product lifecycle creating Koal consistently refines its information security and confidentiality risk management mechanisms. The Company has implemented
a robust protective framework for all company offerings. the Information Security Risk Management Procedure and Confidentiality Management System establishing robust protocols for
ongoing information security risk control. This approach ensures early detection and prompt handling of potential risks.Risk Identification Risk Analysis Risk Assessment Risk Treatment
Security Requirements Security Design
Identify sensitive data using a security red line Transform security requirements into technical
checklist and determine appropriate protection levels. solutions based on established security red lines.Identify risks for each Following risk Evaluate risk analysis Implement targeted preventive
Define compliance requirements including Level 2 Conduct peer reviews to ensure comprehensive
of the Company's identification results against measures for each identified
Protection standards and industry-specific regulations. coverage of all security requirements.recognized assets based conduct analyses established risk risk point strictly adhering to
on the confidentiality and descriptions of criteria to determine specified countermeasures to
integrity and availability potential impacts risk acceptability mitigate the probability of risk
requirements of the from realized risks. or necessity for occurrence.Security Development information they Employ relevant risk treatment. Document Conduct research on
contain. Compile a calculation methods the entire risk confidentiality risk assessment
comprehensive risk to quantify risk values. assessment process
Enhance security training programs to Execute effective open-source software governance i.e. full management to enhance overall
inventory. for future reference.elevate employees' security awareness and lifecycle control + deployment package vulnerability + license confidentiality management
technical proficiency. scanning to ensure product safety and regulatory compliance. standards and proactively
manage potential risks.Implement a routine code auditing system Initiate the application of AI-assisted security development
incorporating security self-inspection static techniques such as intelligent coding assistants to address Information Security Risk Prevention Measures
tool scanning and manual code review. potential security issues.Enforce robust password security protocols including mandating strong passwords implementing two-factor
authentication and requiring periodic password changes.Conduct regular system scans for updates and promptly install new patches to address identified vulnerabilities.Security Testing Security Deployment
Restrict software installation to official or trusted sources only minimizing malware risks.and Operations Enhance network perimeter protection through advanced firewall software or hardware to monitor intrusions and
restrict unauthorized access effectively. Implement dual-factor authentication and access control lists to ensure network
Refine the security testing framework augmenting Harden products and operational environments based on access is limited to authorized users only. Utilize secure protocols (e.g. HTTPS) to encrypt sensitive data transmission
security test case design and multi-language security code security hardening guidelines. preventing man-in-the-middle attacks and data theft.examples to ensure increasingly rigorous and effective Strengthen vulnerability management for live network Establish regular data backup and emergency recovery plans storing backup data offline in secure locations to ensure
testing processes. components through daily updates on the latest open- recovery in case of damage. Deploy offline backup devices for critical data.Employ a hybrid approach combining automated tool source component vulnerabilities proactively reducing
scanning with manual penetration testing to ensure potential security risks.products meet security red line requirements. Establish robust vulnerability alert and handling The Company adheres to the principle of "prevention-focused enhanced monitoring; people-oriented collaborative defense;
Integrate penetration testing into the release process for processes track product vulnerability risks and standardized operations constant vigilance." A robust mechanism for preventing and responding to information security and
key projects enhancing pre-launch security assurance. implement a tiered emergency response system based on confidentiality incidents has been established. Koal has formulated detailed institutional process documents including the
Implement pre-release host checks to ensure all-in- vulnerability risk levels.Information Leakage Incident Emergency Response Plan which standardizes emergency response processes and measures for
various security incidents. This significantly enhances the Company's ability to respond effectively to emergencies. To bolster its
one machines are optimally configured and hardened information security defense capabilities the Company conducts regular emergency drills and attack-defense exercises as part of
according to security guidelines. its routine operations. During the reporting period Koal conducted one comprehensive information security and attack-defense
emergency drill.
43 442024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Information Security Incident Emergency Response Process and Measures Indicators and Targets
Koal establishes its information security objectives and strategies based on its information security policy. To ensure business
Anomaly Detection: Monitor servers for anomalies such as potential hacker attacks or unusual continuity and maintain secure stable operations the Company translates information security requirements into actionable and
processes. Conduct preliminary assessments to determine if an intrusion or information leakage has measurable objectives across various organizational levels. The achievement of these objectives is directly tied to performance
occurred. incentives for the Company's management team.Incident
Emergency Plan Activation: Upon confirmation of an intrusion or leakage immediately initiate the
Discovery Indicator/Target 2024 Target Achievement Status
emergency response plan.and Initial
Response Business Impact Evaluation: Assess whether affected servers are critical to business operations. If
Target achieved
Controlled information leaks: No more than 3 incidents/year
operations remain unaffected promptly take servers offline. In cases where business operations are No controlled information leak incidents occurred.impacted escalate to supervising leadership and implement network isolation protocols including Target achievedConfidential information leaks: Zero incidents/year
disconnecting external network access. No confidential information leak incidents occurred.Target achieved
Loss of critical information equipment: Zero incidents/year
No incidents of critical information equipment loss occurred.Information security/IT service training coverage throughout Target achieved
Log and File Examination: Inspect database operation logs server processes network logs
the year: 100% All personnel received information security/IT service training.and suspicious files to confirm the extent of information leakage. Upon discovery promptly
Investigation report findings to leadership and assemble a dedicated emergency response team. Target achievedCumulative large-scale internal network (60% coverage)
and Leak Critical Evidence Preservation: Back up all logs malicious files and attack traces. In severe No large-scale internal network (60% coverage) downtime downtime: Less than 120 minutes/year
Confirmation cases escalate the matter to appropriate law enforcement authorities. exceeding 120 minutes occurred.Leak Source Identification: Conduct analysis of leaked data to pinpoint the source including Target achievedLarge-scale virus outbreaks (60% of computers infected): No
attack vectors and vulnerabilities. Address and rectify identified security weaknesses. No large-scale virus outbreaks (60% of computers infected) more than 1 incident/year
occurred.Major service/information security incidents: Zero incidents/ Target achieved
year No major service or information security incidents occurred.Threat Elimination: Remove viruses trojans and attack files. Implement security measures on System and equipment availability: Maintained at 99% or Target achieved
compromised servers. Conduct thorough checks on all connected systems to prevent pivot attacks
Emergency higher System and equipment availability remained above 99%.or secondary leaks.Handling Target achieved
System Fortification: Update all vulnerability patches implement encryption for core data rectify Confidentiality breach incidents: Zero occurrences
and System No confidentiality breach incidents occurred.high-risk systems and establish security baselines.Recovery
Recovery and Enhanced Monitoring: Restore network connections after confirming system security.Implement heightened monitoring protocols with particular emphasis on database access logs.Incident Documentation and Archiving: Compile detailed incident reports documenting leaked
content potential harm mitigation measures implemented and responsible personnel involved.Compliance Reporting: Ensure responsible departments submit written reports to the Company's
Confidentiality Office and leadership group within 24 hours of leak discovery. The Company must
provide written notification to the Shanghai Secrecy Administration Bureau within 24 hours and
Post-Incident submit investigation results within 3 months.Management
and Compliance Internal Leak Handling: For unintentional leaks follow established virus handling procedures
Reporting for equipment and intensify employee training programs. In cases of intentional leaks restrict
involved employees' account privileges collect log evidence and in severe cases refer the matter
to relevant national authorities for further action.Continuous Improvement: Regularly conduct emergency plan drills and critically assess and
revise operational procedures as needed. Implement encryption storage and leak prevention
measures for all critical data.
45 462024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Sustainable Supply Chain Enhancing Supply Chain ResilienceThe Company has implemented the Supply Chain Continuity Assurance Measures employing various strategies to bolster supply
chain risk management.Koal consistently enhances its supply chain management system by developing and strictly adhering to policies such as
the Qualified Supplier System and Procurement Management Process. These policies govern the entire lifecycle of supplier
relationships from admission to evaluation and exit while fostering robust long-term communication mechanisms with suppliers.This effectively mitigates potential risks in the supply chain and promotes sustainability.Supplier Lifecycle Management Develop a comprehensive supply chain Forecast risks across
risk management plan supply chain stages
Suppliers are classified into three priority levels (A B C) and three categories based on material importance. Conduct thorough risk assessments for critical Document high-frequency disruption points and
The selection and evaluation of project suppliers is a collaborative effort involving procurement personnel suppliers and evaluate potential risks associated issues within the supply chain. Assess suppliers'
Supplier project managers and financial managers with procurement personnel taking the lead. The team assesses with natural disasters or political instability. organizational scale monitor supplier material
Admission suppliers based on the Company's Preferred Supplier List and TORDC Evaluation Criteria considering five Establish a robust risk management plan and an quality data and regularly review response rates
key dimensions: technology and technical services quality responsiveness delivery performance and effective emergency response system for supply to quality issues.material cost. chain disruptions.With reference to the TORDC Evaluation Criteria the Company conducts annual supplier performance
evaluations based on suppliers' comprehensive performance throughout the year. The results are
Supplier
documented in the Supplier Annual Performance Assessment Form and the Supplier Evaluation Record
Audit
Form. A Preferred Supplier Evaluation Form is also completed to provide a thorough assessment of Establish safety Implement an emergency mechanism for
supplier performance. stock levels supply chain disruption risks
Conduct monthly inventories of raw materials in Regularly monitor the qualif ication status
warehouses promptly updating records after each and any negative information regarding key
count. Perform daily checks of inventory quantities information system technology service providers.Based on the annual supplier performance assessment forms the Company implements a detailed tiered
Tiered and against established safety stock levels with If monitoring reveals adverse information that
and categorized management approach for suppliers. This is done in strict accordance with the scoring
Categorized immediate notification to relevant procurement could impact a service provider's operations
standards outlined in the Qualified Supplier Evaluation System. The assessment comprehensively considers
Management personnel if quantities fall below or exceed specified relevant system managers should promptly
suppliers' performance across various aspects including quality delivery and service. thresholds. Upon receiving low or high stock alerts report and assess the situation preparing
from warehouse managers swiftly liaise with appropriate contingency measures. Incorporate
suppliers based on actual production requirements. comprehensive contingency plans for sudden
Maintain a minimum 1.5-month safety stock for supplier issues into the Company's emergency
The Company implements a comprehensive supplier evaluation process based on clearly defined scoring items with extended procurement cycles or limited management framework to enhance overall
Supplier criteria. This assessment incorporates data from the annual supplier performance evaluation reports. production capacity. supply chain resilience.Exit For suppliers who do not meet specified standards we initiate a replacement procedure to ensure the
continued stability of our supply chain and maintains the high quality of our products and services.ESG Management in the Supply Chain
Key Performance Koal integrates sustainability requirements into supplier collaborations guiding partners to consistently improve their sustainability
performance through procurement contracts tender requirements and other formal documents thereby strengthening supplier
Total number of suppliers Total number of domestic suppliers ESG management. We incorporate ESG criteria such as environmental considerations business ethics product quality and
64 64 compliant employment practices into supplier evaluation indicators. Suppliers are required to sign documents including the Integrity Agreement Partner Integrity and Honesty Commitment Letter and Supplier Product Quality Assurance Agreement to
standardize supplier ESG management practices.
47 482024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Empowering Suppliers
The Company places significant emphasis on supplier capacity building and supports suppliers in improving product quality
through targeted training and assistance with the aim of jointly building a mutually beneficial supply chain system. During the Case Partnering with Huawei to Build a Secure Ecosystem
reporting period Koal conducted two comprehensive training sessions for suppliers.In November 2024 Koal and Huawei formalized their collaboration in the HarmonyOS ecosystem by signing a HarmonyOS
Memorandum of Cooperation at the Enterprise Essential Applications HarmonyOS Forum. As a Huawei Kunpeng native
Case Supply Chain ESG Training and Exchange
development partner Koal will leverage the Kunpeng
In 2024 Koal organized two supply chain ESG training sessions for suppliers. These sessions systematically shared hardware infrastructure openEuler systems and the
ESG management practices covering crucial topics such as supply chain environmental responsibility anti-corruption Kunpeng DevKit development toolkit to focus on constructing
norms and business ethics standards enhancing collaboration in environmental protection social responsibility robust network security trust systems. The Company will
and governance capabilities. During on-site visits the Company conducted thorough examinations of suppliers' develop native cryptographic applications tailored for key
green factory initiatives. Through productive exchanges on green manufacturing technological innovations and sectors including government agencies military and defense
environmental management experiences the initiative provided bilateral empowerment for optimizing green supply industries and financial institutions. Koal aims to create
chain development. cutting-edge digital asset security solutions for the Kunpeng
architecture while constantly optimizing commercial software
performance thereby contributing to the development of an
efficient stable and innovative data security ecosystem.Case Collaborating with Guotai Junan Securities to Promote Domestic Cryptographic Applications
At Guotai Junan Securities's 2024 Financial Technology
Culture Festival forum Koal entered into a comprehensive
strategic cooperation agreement with Guotai Junan
Securities Co. Ltd. Both entities are committed to deepening
cooperation in capital and technology domains harnessing
their respective expertise and resources to jointly advance
innovative applications and development of commercial
cryptographic technology within the securities industry.Moving forward they will explore novel scenarios and pilot
applications of cutting-edge cryptographic technology
in the securities sector collaboratively promoting the
Industry Ecosystem Development implementation and evolution of high-security domestically
controllable products based on national cryptographic
systems in critical areas such as finance.Koal is acutely aware of its responsibility and obligation to promote industry development. While focusing on its core business
the Company actively contributes to building the industry ecosystem through various strategic initiatives including enterprise Case Joining Industrial Park to Leverage Industry Cluster Effects
cooperation educational outreach industry talent cultivation and active participation in influential industry forums.In October 2023 Koal's newly acquired headquarters situated in the G60 Commercial Cryptography Industrial Base A2
Industry Collaboration in Shanghai's Songjiang District was completed and became operational. This industrial base represents a science and
Koal places a high value on collaborative development within the industry. The Company has forged a strategic partnership technology innovation and application demonstration site implemented by Shanghai to foster the development of
with Huawei to build a robust security ecosystem and joined forces with Guotai Junan Securities Co. Ltd. to promote the large- the commercial cryptography industry. It aligns with national guidelines on cryptographic application and innovative
scale application of domestic cryptographic technologies accelerating the process of replacing imported technologies with development under the framework of the Yangtze River Delta integration strategy. By establishing its Shanghai
domestically controlled alternatives. Additionally the Company leverages its entry into the commercial cryptography industrial headquarters in this strategic location the Company positions itself to benefit from industry cluster effects facilitating
park as a strategic opportunity to integrate upstream and downstream resources fostering a powerful industry cluster effect. Koal technical exchanges fostering cooperation and driving innovation with related enterprises ultimately enhancing the
is also deeply involved in Shanghai's information technology innovation initiatives driving the leap from pilot projects to full-scale Company's brand recognition and market influence.implementation of domestic technologies across various sectors.
49 502024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Case Promoting Shanghai's Information Technology Innovation Development
Since 2019 Koal has proactively responded to governmental directives by establishing and operating
the Shanghai Information Technology Application Innovation Engineering Adaptation Center
supporting Shanghai's Party and government information technology innovation reform initiatives.As the project transitioned into a normalization phase the adaptation center evolved into the
Shanghai Information Technology Application Innovation Comprehensive Service Center in early
2022. While maintaining core services such as innovation adaptation engineering verification and
promotional training the center has significantly enhanced its capabilities in after-sales support
talent cultivation and security early warning systems. It provides comprehensive support for
information technology innovation work across Party and government entities and has gradually
expanded its services to industry users. In March 2022 the Shanghai Municipal Health Commission's
Information Office designated the center as the sole authorized adaptation certification institution for
Shanghai's medical industry. As of December 2024 the center has processed adaptation applications
for 855 products from 171 manufacturers with 614 products from 131 manufacturers successfully
completing adaptation certification and receiving official validation reports.Educational Outreach Case Company Cryptography Exhibition Hall
Koal actively engages in educational outreach initiatives focused on cryptographic security knowledge enhancing public awareness
Koal has developed a distinctive cryptography exhibition hall creating an immersive educational platform with diverse zones
through innovative online and offline popular science promotions. The Company has developed a professional cryptographic
focused on cryptographic technology applications and industry education. The hall is strategically divided into four primary
technology exhibition hall employing interactive and scenario-based methods to educate the public about the practical applications
functional areas. The model solution display area systematically presents real-world implementations of cryptographic
and security concepts of cryptographic technology. Furthermore the Company has collaborated with industry experts to create Little
technology in government affairs and urban governance through various models including the General Office of the CPC Central
Crypto's Adventures in the Four Great Classical Novels an engaging and accessible series that interprets complex cryptographic
Committee model the Changning model and two Shanghai-specific models. The application display area visually demonstrates
knowledge for a younger audience. This initiative aims to spark interest in cryptographic technology among young people nurturing
industry chain collaboration results through ecosystem partner logos adaptation scenarios (e.g. financial systems government
potential talent for the industry's long-term development.platforms) and advanced security products (e.g. root certificate issuance systems key management systems). The innovative
business display area highlights cutting-edge technologies and products such as video conferencing equipment and cloud-
Case Participating in National Security Education Day Activities based solutions. Through scenario-based presentations ecosystem synergy and interactive experiences Koal's cryptography
Koal actively engages in educational initiatives promoting cryptographic security. The Company participated in the exhibition hall comprehensively promotes understanding and awareness of cryptographic technology among visitors."Cryptographic Security in Government Agencies" event a key component of the National Security Education Day held
at the Information Plaza in Henan Province. Organized by various government and industry bodies the event featured
Koal alongside over 20 cryptography companies in a dedicated exhibition area. The companies showcased cutting-edge
applications and practical outcomes of commercial cryptography in government affairs emphasizing the critical role of
cryptographic security as a cornerstone of information security. This initiative not only enhanced government officials'
understanding and proper usage of cryptographic security but also promoted the widespread adoption and development of
commercial cryptographic technology significantly contributing to the security of government affairs information.Case Collaborative Authorship of Little Crypto's Adventures in the Four Great Classical Novels
In collaboration with industry experts Koal has authored Little Crypto's Adventures in the
Four Great Classical Novels. This innovative work ingeniously uses China's four great classical
novels as a backdrop to craft engaging storylines that allow readers to enjoy the narrative while
gaining a more intuitive and profound understanding of cutting-edge developments in China's
information security field. The book artfully showcases the information security stories behind
China's quantum cryptography resulting in a comprehensive read that seamlessly combines
technical knowledge entertainment value and educational content.
51 522024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Industry Talent Cultivation Industry Exchange
Koal places a strong emphasis on cultivating industry talent through systematic training and evaluations school-enterprise To swiftly gain insights into the latest industry developments policy changes and market trends Koal actively engages in a wide range of
cooperation and integration of production and education to inject new vitality into the industry. During the reporting period the industry forums and academic exchanges. The Company has strategically joined multiple industry associations and academic alliances
Company nurtured a total of 216 information technology innovation talents through comprehensive training and assessments to forge close business connections expand collaboration opportunities and contribute significantly to industry development through
including 22 internal and 194 external participants. Additionally the Company co-established an information technology shared resources. During the reporting period Koal participated in 37 diverse industry exchange activities. As of the end of the reporting
innovation training room with Shanghai Technical Institute of Electronics & Information. period the Company had joined a total of three national-level academic societies and industry alliances.Case Co-establishing an Information Technology Innovation Training Room Case Participation in the 10th China (Shanghai) International Technology Fair (CSITF)
Koal actively participates in industry talent cultivation. In partnership with the Shanghai Information Technology In June 2024 Koal as a vanguard in the commercial cryptography industry showcased its groundbreaking achievements
Application Innovation Comprehensive Service Center and Shanghai Technical Institute of Electronics & Information the in post-quantum cryptography at the 10th CSITF. The Company unveiled the nation's first comprehensive post-quantum
Company has co-established the first-of-its-kind information technology innovation training room in Shanghai's higher cryptography solution a milestone in the field. This cutting-edge solution incorporates core products such as quantum-safe
vocational colleges. This cutting-edge facility not only serves the college's information technology innovation curriculum VPNs and quantum-safe key management systems featuring critical functionalities including secure networking and advanced
and research needs but also provides advanced teacher training for secondary and higher vocational colleges and key management. Notably it has pioneered in successfully passing the rigorous PQC application system upgrade verification
industry professionals. It offers a dynamic platform for deep integration of industry academia research and practical test conducted jointly by the CAICT and VIAVI achieving seamless transition to post-quantum cryptographic algorithms.application. By leveraging the strengths of higher vocational colleges the information technology innovation industry Furthermore the Company exhibited innovative applications that synergize cryptographic technology with frontier fields such
and leading manufacturers the Company along with other partner enterprises cultivates application-oriented talents as AI blockchain and privacy computing. Through engaging keynote speeches at the data element sub-forum interactive
that meet evolving industry needs significantly contributing to the high-quality development of vocational education. cryptography education experiences and targeted regulatory promotion the Company significantly raised public awareness of
the value of commercial cryptography technology and catalyzed a deeper understanding within the industry.Case Hosting Student Visits from Shanghai Dianji University Co-organizing the Information Technology Innovation Application Work Exchange Meeting at the
Case
Global Digital Economy Conference 2024
Koal hosted an immersive visit for students from Shanghai Dianji University providing a meaningful hands-on experience for
students in the Software Engineering Excellence Program. During the visit students gained insights into Koal's development In July 2024 Koal as a pioneer and leader in China's information security and digital trust domain co-organized the Information
trajectory corporate achievements and research directions. Technology Innovation Application Work Exchange Meeting at the Global Digital Economy Conference 2024. This high-profile
They also acquired in-depth knowledge of cryptographic conference addressed critical issues such as deepening digital cooperation coordinating aid to Tibet bridging the digital divide
technology principles and their real-world application between eastern and western regions and stimulating digital cultural
scenarios. Furthermore through lectures organized by the tourism consumption. The Company's Deputy Chief Engineer
Information Technology Innovation Center the Company Lang Wenhua delivered a keynote report titled "New Generation
inspired students to focus on the development of domestic Digital Trust System Architecture and Practice." This presentation
technologies and actively support China's burgeoning systematically elucidated Koal's technological advancements and
information technology industry through practical practical achievements in the digital trust field thereby contributing
engagement aiming to nurture the next generation of significantly to industry-wide digital transformation efforts and
information technology talents. fostering the robust development of the digital economy.
53 54Efficient and
Robust Operations
57 Corporate Governance
63 Risk and Compliance Management
65 Business Ethics and Anti-Corruption
67 Party Leadership
Contributing to the UN SDGs2024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Corporate Governance
As the Company's supreme authority the General Meeting of Shareholders is responsible
for reviewing annual budgets and financial reports electing or replacing directors and
supervisors approving profit distribution plans and making critical company decisions. It
Corporate Governance System operates in compliance with regulations such as the Rules for the Shareholders' Meetings of
General Listed Companies and Koal's own Rules of Procedure for General Meeting of Shareholders. The
Koal adheres to a comprehensive set of laws and regulations including the Company Meeting of meetings combine on-site and online voting to ensure the protection of shareholders' rights.Law of the People's Republic of China the Securities Law of the People's Republic Shareholders
of China the Code of Corporate Governance for Listed Companies the Listing
Rules of the Shanghai Stock Exchange and the Guidelines No. 1 of the Shanghai
Stock Exchange for Self-regulation of Listed Companies — Standardized Operation. 4 general meetings of shareholders were held during the year at which 1 8 resolutions
In alignment with its Articles of Association and other normative documents the were reviewed and approved.Company has established a governance structure that ensures clear responsibilities
independent operations and effective checks and balances. This structure comprises
the General Meeting of Shareholders the Board of Directors and the Board of
Supervisors. The governance system delineates distinct responsibilities among
the power organ decision-making body supervisory body and executive body.This arrangement fosters coordinated operations and mutual oversight constantly
enhancing corporate governance efficiency. The General Meeting of Shareholders
consisting of all shareholders serves as the highest authority. The Board of Directors Accountable to the General Meeting of Shareholders the Board of Directors' responsibilities
oversees strategic decisions and daily operations while the Board of Supervisors include convening general meetings of shareholders formulating business strategies
monitors the Board of Directors and management. Through clear division of preparing budgets and financial reports proposing profit distribution plans and structuring
responsibilities and efficient collaboration these bodies collectively ensure scientific internal management. The Board operates through five specialized committees: the Strategy
and standardized corporate governance safeguarding the interests of both the Committee the Audit Committee the Nomination Committee the Remuneration and
Company and its shareholders. During the reporting period Koal further refined its Appraisal Committee and the ESG Committee. These committees handle specific Board-
governance mechanisms. The Company introduced new guidelines including the authorized matters and provide expert advice for decision-making.ESG Committee Implementation Rules and the Public Opinion Management System. Mr. Zhang Keqin an independent director serves as the chair of the Audit Committee. Mr.Additionally it revised existing protocols such as the Board of Directors Rules of Ma Lizhuang also an independent director serves as the chair of both the Nomination
Procedure and the Independent Director System. These actions aim to enhance the Committee and the Remuneration and Appraisal Committee. Independent directors
scientific nature standardization and transparency of corporate governance. constitute the majority and serve as chairs in the Audit Committee the Nomination
The nomination and selection process for governance body members including Committee and the Remuneration and Appraisal Committee ensuring professionalism and
directors and supervisors strictly adheres to the Company Law of the People's Board of independence in the decision-making process.Republic of China and Koal's Articles of Association. This approach ensures both Directors
fairness and professionalism in appointments. While the Board of Directors'
membership remained unchanged during the reporting period its scope of
responsibilities expanded with the establishment of the ESG Committee. The Board of Directors convened 9 meetings over the year during which 5 1 resolutions
were reviewed and approved with a 1 0 0 % attendance rate among all Board members.General Meeting Over the year 5 Audit Committee meetings 1 Nomination Committee meetingof Shareholders 4 Remuneration and Appraisal Committee meetings and 1 Strategy Committee meeting
were convened contributing effectively to the advancement of the Company's strategic
Board of Supervisors development goals.Board of Directors
Reporting to the General Meeting of Shareholders the Board of Supervisors oversees the
legality of the Company's financial and operational activities. Its duties include inspecting
financial conditions monitoring the conduct of directors and senior management attending
general meetings of shareholders and ensuring legal compliance in the performance of
Board of duties by financial personnel directors and senior management. The Board plays a crucial
Remuneration SupervisorsStrategy ESG Audit Nomination role in protecting the legal rights and interests of both the Company and its shareholders.Committee Committee Committee Committee and Appraisal
Committee The Board of Supervisors convened 7 meetings over the year during which 3 2 resolutions
were reviewed and approved.Organization Chart
57 582024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Board Diversity and Effectiveness Professional Capabilities
Name Type Gender
Koal is committed to fostering a diverse Board of Directors. The Company places great emphasis on the backgrounds skills and Industry Risk
professional expertise of Board members aiming to integrate various perspectives and experiences to guarantee well-informed Experience Management Accounting Legal
and efficacious Board decisions. The Board consists of nine members comprising six non-independent directors and three
independent directors. These Board members bring a wealth of interdisciplinary knowledge and extensive industry experience Yang Wenshan Chairman Director Male
spanning multiple fields including information technology risk management finance and accounting law and finance. This
composition reflects a balanced representation of experience background and professional capabilities within the Board. The
Chair of the Audit Committee possesses a strong professional accounting background while several directors have extensive
practical experience in risk management and prevention. This includes establishing comprehensive risk management systems and Lu Haitian Director Male
handling significant risk events which effectively supports the Company's efforts in risk identification assessment response and
mitigation.Ye Feng Director General Manager Male
The nomination process for Board members follows a rigorous selection procedure. The Nomination Committee incorporates
diversity as a key consideration thoroughly evaluating candidates' educational backgrounds industry experience professional
skills and career histories. This approach aims to maintain a well-balanced board in terms of competencies skills experiences Xu Yongkang Director Male
and cultural and educational backgrounds. Moreover the Company places high importance on the ethical conduct and
leadership reputation of potential Board members. Following review and approval independent director candidates must
undergo qualification and independence assessments conducted by the Shanghai Stock Exchange. They are then elected through Director
cumulative voting at the general meetings of shareholders a process that constantly enhances the Company's governance Zhu Litong Deputy General Manager Male
standards and decision-making capabilities.Koal actively encourages Board members to participate in professional development training and compliance education to
enhance their professional competencies and performance capabilities. During the reporting period the Company's directors Cai Guanhua Director Board Secretary Male
supervisors and senior management enthusiastically responded to the China Association for Public Companies' initiative
by participating in the "Special Topic on Violations of Laws and Regulations" training. All participants successfully passed the
associated test demonstrating a significant improvement in their regulatory awareness and compliance capabilities thereby Zhang Keqin Independent Director Male
strengthening the foundation for the Company's stable operations.Throughout the reporting period all directors of Koal strictly adhered to relevant laws regulations and the Company's articles
of association diligently and prudently fulfilling their responsibilities. Independent directors engaged in Board activities through Xiao Yongji Independent Director Male
various means offering independent opinions on significant matters to ensure scientific decision-making. They effectively
exercised their supervisory functions promoting the execution of Board resolutions and ensuring the accuracy of information
disclosure thus safeguarding the legal rights and interests of both the Company and its shareholders. The remuneration scheme Ma Lizhuang Independent Director Male
for Koal's Board members undergoes annual review by the General Meeting of Shareholders. This review takes into account
industry salary levels regional development conditions and job responsibilities to determine appropriate compensation.Directors' Educational Background
32
4
Doctoral Degree Master's Degree
Bachelor's Degree and Below
59 602024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Investor Relations Management Case Company Executives Engage in Case Company General Manager Participates High-Quality Dialogue with Stock Star in Securities Daily Executive Interview
In November 2024 the Company's Director and In December 2024 the Company's Director and
Information Disclosure Board Secretary took part in a high-quality dialogue General Manager engaged in an executive interview
hosted by Stock Star. The discussion centered on with Securities Daily. During the conversation he
Koal rigorously adheres to the Securities Law of the People's Republic of China the Measures for the Administration of Information "Leveraging cryptography as a niche approach to emphasized that "Cryptographic technology offers
Disclosure of Listed Companies and the Provisions on the Registration and Management System of Insiders Who Have Access to safeguard the broader development of data element four key attributes in addressing data security
Insider Information of Listed Companies among other pertinent regulations. The Company has implemented a comprehensive security." The executive provided comprehensive challenges: authenticity integrity non-repudiation
Information Disclosure System to ensure the authenticity accuracy and timeliness of disclosures thereby enhancing transparency insights into Koal's expertise in the cryptography and confidentiality. Furthermore the Company's
and quality. During the reporting period Koal issued 4 periodic reports and 99 ad hoc announcements ensuring equitable access domain the Company's current business operations cryptographic solutions excel in terms of timeliness
to information for all shareholders. The Company's disclosures were free from false records misleading statements significant and prospective development opportunities. and cost-effectiveness positioning them as the
omissions or other improprieties. Concurrently Koal vigilantly monitored public sentiment and market trading patterns to optimal strategy for ensuring data security."
safeguard investors' legal interests effectively.Investor Communication
Koal is dedicated to fostering a relationship of mutual trust and timely communication with investors. The Company consistently
refines its internal Investor Relations Management System and has established diverse communication channels. Through direct
phone lines email correspondence interactive investor relations platforms and on-site research opportunities the Company
addresses investor inquiries and engages in substantive dialogues. This approach enables investors to gain comprehensive
insights into the Company's business model development strategies and financial position facilitating informed investment
decisions. On the investor relations platform the Company's Securities Department consults with technical managers to ensure
responses are both accurate and technically sound. Koal maintains a steadfast policy against concept hype and exaggeration
prioritizing honest and responsible communication to bolster investor trust and satisfaction. In 2024 Koal disseminated 163 Website link: https://haokan.baidu.com/vpd=wisenatural& Website link: http://www.zqrb.cn/video/
announcements and related materials conducted 3 performance briefings engaged in 125 offline and 24 online investor vid=2494321514928199420 gaoduanfangtan/2024-12-20/A1734683382689.html
exchanges issued 4 investor record forms responded to 53 investor inquiries on the sseinfo.com platform fielded 66 direct
phone calls and addressed 10 email inquiries.Tax Management
Investor Rights Protection
Koal rigorously complies with domestic legislation such as the Enterprise Income Tax Law of the People's Republic of China as well
Koal acknowledges the critical role of investor relations management in maintaining corporate reputation and investor confidence as international tax regulations. The Company has implemented a comprehensive tax management system to ensure compliant
diligently monitoring and responding to diverse investor concerns. The Company proactively identifies and mitigates potential tax reporting and payment upholding regulatory compliance and efficiency in tax administration. We are committed to refraining
risks standardizes procedures for general meetings of shareholders (convening holding deliberating and voting) and ensures from transferring value to low-tax jurisdictions avoiding tax structures lacking commercial substance adhering to the arm's
investors' rights to information and participation in major corporate decisions. This comprehensive approach effectively safeguards length principle for transfer pricing and eschewing the use of confidential jurisdictions or so-called "tax havens" for tax avoidance
investor interests and reinforces market trust. purposes. Throughout the reporting period Koal reported no significant tax violations.Fund Management Protection of Minority Shareholders' Rights Investor Education
Public Opinion
Management
Guided by the annual Special Audit Report on Koal upholds the principle of equal treatment for all shareholders. Recognizing the technical complexity of the commercial Koal has instituted a comprehensive Public Opinion Management
the Summary of Non-operating Fund Occupation Small and medium shareholders can participate in general meetings cryptography industry Koal proactively engages with System to strengthen investor communication and enhance
and Other Related Fund Transactions issued by of shareholders either in person or through online voting platforms. institutional investors through strategy meetings site visits transparency and credibility. Additionally the Company
Shanghai Certified Public Accountants (Special For significant issues potentially impacting minority investors the and investor conferences to enhance understanding of the maintains a 24-hour investor hotline staffed by dedicated
General Partners) and the Company's Special Company separately tallies and discloses their votes. Shareholder Company's operations and industry dynamics. personnel to ensure prompt and effective responses to
System for Preventing Fund Occupation by meeting agendas include dedicated Q&A sessions for small and medium investor inquiries.Major Shareholders and Related Parties Koal investors to voice their opinions and suggestions. Meeting schedules
explicitly prohibits controlling shareholders and locations are strategically chosen to maximize participation with
actual controllers and their affiliates from modern technology utilized to enhance shareholder engagement. When
misappropriating company funds thereby reviewing profit distribution proposals independent directors and
protecting the legal rights of all shareholders specialized committees diligently provide thorough opinions. Relevant
and creditors. proposals undergo scrutiny by both the Board of Directors and the Board
of Supervisors before submission to the General Meeting of Shareholders
ensuring robust protection of minority shareholder interests.
61 622024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Risk and Compliance Management Risk Identification and Response Risk Response
Koal consistently enhances its risk Develop targeted risk
identification and response capabilities mitigation strategies based on
streamlining business management risk assessment outcomes.In alignment with the Basic Standard for Enterprise Internal Control the Guidelines for the Application of Enterprise Internal processes. The Company implements
Control and other pertinent regulatory requirements Koal has formulated its Internal Control System and Internal Audit System a comprehensive approach to risk
customized to its specific operational context. The Company consistently enhances its risk and compliance management identification assessment response
framework to guarantee the legality and compliance of its business activities. m o n i t o r i n g a n d c o n t i n u o u s Risk Assessment Risk Monitoring
improvement across its core business
s e g m e n t s . T h r o u g h t h o r o u g h Employ quantitative tools to analyze the probability Constantly track risk status
Risk Management Structure identification and management to ensure risks remain within
of market operational financial and impact of risks. acceptable parameters.legal compliance and technological
Koal has established well-defined responsibilities and decision-making protocols for risk and compliance management through risks the Company ensures resilient
the collaborative efforts of the Board of Directors Board of Supervisors and Management. development in a complex market
landscape. Moreover the Company
integrates Environmental Social Risk Identification Continuous
and Governance (ESG) risks into its
comprehensive risk management Comprehensively identify Improvement
system further identifying and internal and external Consistently refine
addressing potential risks in quality risks across all facets of risk management
safety environmental protection and company operations. processes through
anti-corruption thereby bolstering feedback mechanisms
corporate resilience. establishing a closed-loop The Board of Directors and Management is tasked with Given the Company's management system.Board of Supervisors oversee orchestrating daily internal specialized business nature
and evaluate the efficacy control operations safeguarding a dedicated Confidentiality
of risk and compliance the compliance and efficiency of Office has been established
management ensuring management activities. to oversee classified projects Risk Training
transparency and efficiency in qualifications and personnel
the management mechanism. throughout their lifecycle To enhance employee compliance awareness the Company regularly conducts specialized training sessions encompassing
ensuring the security and historical compliance risk analysis case studies compliance reviews risk assessment and response techniques and internal audit
proper supervision of oversight. Through these training initiatives employees have significantly improved their risk management proficiency further
confidential information. mitigating compliance risks and fostering stable corporate growth.
63 642024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Business Ethics and Anti-Corruption
Governance Whistleblowing and Whistleblower Protection
Koal is dedicated to cultivating an ethical and transparent business environment. The Company rigorously adheres to pertinent Koal maintains a zero-tolerance policy towards corruption and unethical business practices. The Company has established open
laws and regulations including the Company Law of the People's Republic of China the Anti-unfair Competition Law of the transparent and diverse reporting channels encouraging both internal employees and external partners to disclose violations.People's Republic of China the Anti-Monopoly Law of the People's Republic of China the Anti-Money Laundering Law of the Reporting methods include the Company's official telephone line dedicated hotline mail or in-person visits. Upon receiving a
People's Republic of China as well as industry standards. Internal policies such as the Code of Business Ethics the Anti-bribery report the Company forms a professional investigation team to conduct an independent inquiry in accordance with relevant laws
and Anti-corruption Policy and the Whistleblowing and Whistleblower Protection Policy set out detailed requirements for anti- and regulations collaborating with pertinent departments to ensure efficient information flow. Investigation results are reported
corruption and anti-bribery practices across all aspects of the Company's operations. Koal also actively promotes compliance with directly to senior management with appropriate accountability measures implemented for substantiated allegations.ethical business conduct and anti-corruption standards among its employees and business partners. The Company is committed to maintaining strict confidentiality regarding whistleblowers' personal information and reported
The implementation of business ethics and anti-corruption policies is ensured through the collaborative efforts of the Board of materials. All reports are handled by designated personnel and managed according to stringent confidentiality protocols. It
Directors Board of Supervisors and Audit Committee. A dedicated supervisory body oversees the execution of these policies is explicitly prohibited to disclose whistleblower information or report status to the accused or to unrelated personnel. While
while the Company's Internal Audit Department conducts regular reviews and risk assessments to ensure operational compliance safeguarding whistleblower confidentiality the Company also takes severe action against any retaliatory behavior. Verified cases
with legal requirements and internal ethical standards. of retaliation are dealt with seriously and in instances where whistleblowers' rights are severely compromised the Company
promptly reports to judicial authorities and pursues criminal liability in accordance with the law.Strategy and Approach
Impact Risk and Opportunity Management
Koal has seamlessly integrated principles of integrity and ethical conduct into its corporate culture and long-term development
strategy. These standards extend to the supply chain safeguarding high-quality development. The Company has institutionalized
the cultivation of business ethics and anti-corruption culture through documents like the Code of Ethical Conduct which clearly Koal has integrated business ethics and anti-corruption risks into its comprehensive risk management framework. To effectively
defines mandatory business ethics standards for employees. All staff members are required to sign the Employee Ethical Conduct address business ethics-related risks the Company conducts regular business ethics risk identification and assessment exercises
Commitment. Adherence to company values professional ethics and behavioral standards serves as a critical criterion for (for detailed processes please refer to the "Risk and Compliance Management" section of this report). Koal meticulously analyzes
employee performance evaluations promotions and personnel decisions. During the reporting period Koal reported no major factors that may trigger ethical risks various potential conflicts of interest improper benefit transfers and unfair competition
litigation cases involving corruption or unfair competition. practices. The Company has formulated detailed policies and procedures to ensure all business conduct aligns with ethical standards and legal requirements. To facilitate timely disclosure of potential risks the Company constantly enhances its
monitoring system incorporating internal audits compliance checks and robust whistleblowing mechanisms. The Internal Audit
Supply Chain Integrity Management Department systematically reviews the implementation of business ethics-related systems and conducts thorough audits and
inspections of business ethics risks across various operational scenarios. Audit results significant findings and matters requiring
attention are regularly reported directly to the Board's Audit Committee and the Chairman maintaining independence at
The Company has implemented robust centralized procurement management measures and procedural mechanisms. Internally organizational business and individual levels.potential conflicts of interest are scrutinized according to the procurement process system. Externally business ethics and anti-
corruption requirements are incorporated into the Company's template contracts for supplier signature. Alternatively suppliers
may be required to separately sign an Integrity Agreement or a Cooperation Partner Integrity Commitment. These documents
mandate compliance with national and local laws regulations policies and industry standards prohibiting any form of corruption
fraud extortion or embezzlement. For non-compliant suppliers the Company reserves the right to take measures including
suspension of cooperation or contract termination. Indicators and Targets
Anti-Unfair Competition
Koal strictly adheres to the Anti-unfair Competition Law of the People's Indicator/Target 2024 Achievement Status
Republic of China the Anti-Monopoly Law of the People's Republic of
China the Several Provisions on Prohibiting Infringements upon Trade Zero occurrence of major corruption incidents Target achieved
Secrets and relevant fair competition regulations in all operational
jurisdictions. The Company pledges to refrain from collecting
competitors' trade secrets or confidential information through illegal Ensure comprehensive audit coverage of all
means and to avoid engaging in activities such as price collusion that business areas every three years Target achieved
could disrupt market order. Koal is committed to resisting all forms of
unfair competition and maintaining a level playing field. During the
reporting period the Company reported no violations of anti-unfair 100% effective handling rate of reports Target achieved
competition laws or regulations.
65 662024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Party Leadership
Since its establishment in 2001 the Party Branch of Koal Software Co. Ltd. has consistently adhered to Xi Jinping Thought on Socialism
with Chinese Characteristics for a New Era. The branch closely aligns with the Company's development strategy dedicating itself to Case Marching Ahead Through Historic Passes to Guizhou
strengthening Party organization and constantly enhancing the cohesion and effectiveness of the Party organization. The Party Branch
has maintained a work orientation that integrates Party building with business development driven by both innovation and service Following the 2023 Red Tour to Jinggangshan led by Chairman Yang Wenshan and General Manager Ye Feng Koal organized
effectively shouldering the responsibility of serving the enterprise and its development. an educational visit to Zunyi in 2024. Through these activities the Company further encourages employees to reinforce
Within the Company's governance structure Communist Party members account for 44.44% of the management team including ideals and beliefs commemorate revolutionary martyrs adhere to Party principles in password management and inspire
directors supervisors and senior executives demonstrating the significant influence of the Party organization at the decision-making patriotic enthusiasm. After the journey senior management personnel composed reflections expressing their admiration for
level. As of the end of 2024 the Company's Party Branch comprised 82 Communist Party members and 1 probationary member. The revolutionary predecessors and demonstrating their commitment to integrating Party spirit into corporate management and
composition of the Party membership has been consistently optimized with steady improvement in overall quality providing a solid personal work practices.political and organizational foundation for the Company's sustained and stable development. In accordance with Party requirements
and the Company's specific circumstances Koal constantly refines its Party-building regulations promotes the institutionalization and
standardization of Party activities and strengthens exemplary leadership through the "Internet + Party building" model transforming
the Party's political and organizational advantages into market advantages that drive enterprise development.Embracing the concept of innovative development the Company advances both online and offline
educational resources. It has developed the "Theory Classroom" learning platform guiding Party
members and cadres to transform theoretical knowledge into a powerful driving force for enterprise
Online and development achieving a synergy between theory and practice. By the end of the reporting period
Offline Koal's "Theory Classroom" had successfully completed its third session focusing on six core themes:
Education political discipline organizational discipline integrity discipline mass discipline work discipline and life
discipline. Through carefully designed course content and diverse teaching methods such as specialized
lectures case analyses and interactive discussions new vitality has been injected into the Party Branch's
learning activities.Case Party Branch Organizes Collaborative Visit to the China Securities Museum
The Koal Party Branch in collaboration with the securities company's Party branch organized a visit to the China Securities
Museum. During the tour Party members gained an in-depth understanding of the development of China's capital market
The Company has invested in constructing the "Red Cryptography" exhibition hall utilizing touch screens under the leadership of the Communist Party of China through the museum's comprehensive exhibits including a lifelike
Cultural combined with holographic projection technology to vividly showcase "the Party's leadership over scene of Deng Xiaoping meeting John Joseph Phelan Jr. historical photographs and detailed archival materials. This
Display cryptography." This initiative integrates Party culture into business areas such as the Internet of Vehicles experience deepened their understanding of China's economic system reform and financial market development.and video security serving as a dedicated platform for promoting Party-building culture.Case Participation in Party Course Training
In December 2024 six Party members from the Company actively participated in a Party course training organized by the
Party Committee of Shanghai Dongtan Construction Group. The theme focused on an in-depth study and implementation
of General Secretary Xi Jinping's new ideas viewpoints and assertions on comprehensively deepening reform as well as the
spirit of the Third Plenary Session of the 20th CPC Central Committee. The training aimed to further assist Party members and
cadres in thoroughly assimilating General Secretary Xi Jinping's pivotal speeches and directives as well as the core principles
outlined in the Third Plenary Session of the 20th CPC Central Committee. The primary objective was to strengthen the
theoretical foundation of Party members and cadres while simultaneously enhancing their political acumen.
67 68Striving for a Shared
Prosperous Future
71 Diverse and Inclusive Workplace
74 Human Capital Development
84 Occupational Health and Safety
86 Community Engagement
Contributing to the UN SDGs2024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Diverse and Inclusive Workplace Compliant Hiring
Koal advocates for equitable and fair recruitment principles rigorously adhering to international human rights standards including
the International Bill of Human Rights the ILO Conventions the ILO Declaration on Fundamental Principles and Rights at Work
the UN Guiding Principles on Business and Human Rights and the ten principles of the UN Global Compact. The Company
Koal places great emphasis on attracting diverse talent actively welcoming individuals from various backgrounds cultures meticulously complies with pertinent domestic regulations and policies such as the Labor Law of the People's Republic of China
genders and professional skillsets. The Company is dedicated to cultivating an inclusive workplace ecosystem that offers and the Labor Contract Law of the People's Republic of China. Koal has implemented internal policies including the Koal Employee
employees extensive opportunities for growth while constantly infusing the organization with innovation and a competitive edge. Recruitment Management System and Employee Handbook to govern the entire talent acquisition process. The Company firmly
opposes discrimination based on gender education age race family status religious beliefs or cultural background. It strictly
prohibits child labor forced labor and any form of discrimination or harassment actively promoting fair employment practices.Compliant Employment Koal conducts regular and rigorous audits of its recruitment and employment processes. To ensure full compliance with laws and regulations at every stage of employment the Company actively encourages employees to report any violations of company
policies or regulations through established channels. All reported infractions are subject to thorough investigation and addressed
Koal consistently upholds the principle of "forward-looking planning and diverse talent acquisition." In alignment with the with utmost seriousness. When necessary corrective measures are implemented ranging from warnings and public reprimands to
Company's strategic objectives and business development trajectory Koal proactively plans its talent deployment. Through a demerits or termination of employment contracts. During the reporting period Koal reported zero incidents involving child labor
comprehensive series of measures the Company ensures precise talent identification effective recruitment and standardized or forced labor.employment processes attracting a wide spectrum of talents to establish a robust foundation for sustainable corporate growth.Key Performance
Total number of employees Number of employees recruited during Number of newly recruited Employee labor contract signing rate Social insurance coverage rate Employee turnover rate
the reporting period fresh graduates
679754100%100%23.95%
3
7
14282514.20%
170
Number of Number of Employee
Number of employees by employees by turnover rate
employees 19.75%
537 hierarchical educational by gender by gender
590 level level 455
Male employees Female employees Senior management Middle management Employees with associate Employees with Male employees Female employees
degrees or below bachelor's degrees
Frontline employees
Employees with graduate/ Employees with doctoral
MBA degrees degrees or above
2030.34%0.11%
15321016
6795.33%
Number of 10.22%
Number of Number of employees by Employee
employees employees employment turnover rate
by age 0 by region type by age
293663
7.95%
Employees aged 29 and under Employees aged 30-39 Employees from the Chinese mainland Hong Contract employees Temporary workers/ Employees aged 29 and under Employees aged 30-39
Kong Macao and Taiwan labor dispatch/
Employees aged 40-49 Employees aged 50-59 interns Employees aged 40-49 Employees aged 50-59
Overseas employees
Employees aged 60 and above Employees aged 60 and above
71 722024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Labor and Human Rights Management Key Performance
Koal has implemented a comprehensive human rights risk management system that spans the entire employment lifecycle. Percentage of Percentage of new Percentage of ethnic
This system is founded on principles derived from the International Bill of Human Rights the ILO Conventions the UN Guiding female employees female hires minority employees
Principles on Business and Human Rights and the Labor Law of the People's Republic of China. The Company has developed key
policy documents such as the Koal Employee Rights Code to proactively mitigate human rights risks and ensure robust protection 21% 19% 3%
of labor rights across all core business operations. This code encompasses crucial provisions including the prohibition of forced
labor and child labor freedom of association diversity and inclusion and anti-discrimination measures. Its scope extends to all
regular employees interns and other personnel throughout the Company's direct and indirect subsidiaries and affiliated entities.During the reporting period Koal reported no significant labor or human rights risk incidents. Percentage of employees Percentage of female employees Percentage of female employees with disabilities in middle management in senior management
Excerpt from the Koal Employee Rights Code 2% 17.74% 8.3%
"We unequivocally reject all forms of forced labor and are committed to safeguarding
our employees' rights to freedom and personal dignity. Our recruitment processes are
firmly rooted in the principle of voluntariness. We strictly prohibit the use of forced
bonded indentured or involuntary labor including prison labor. Our Company has
zero tolerance for any form of coercion threats or restriction of personal freedom
aimed at compelling employees to work or engage in overtime. We rigorously adhere Human Capital Development
to relevant labor organization conventions and local laws and regulations applicable
to our business operations and strictly refrain from employing child labor in
accordance with legal standards."
Governance
Diversity and Equal Opportunity
Koal has developed and implemented a comprehensive suite of policies including the Talent Recruitment System Compensation
Structure System Employee Promotion Management System and Training Management System. These policies effectively
Koal champions and embraces diverse equitable and inclusive cultures lifestyles and work practices. The Company profoundly respects optimize human resource planning ensuring that employees are utilized to their full potential while mitigating organizational risks
employee diversity and individual differences actively fostering an inclusive corporate culture. Diversity and inclusion principles are woven associated with key talent turnover or shortages.into the fabric of the Company's operations influencing recruitment employment practices training initiatives promotion processes The talent strategy at Koal is spearheaded by the Human Resources Department and subsequently submitted to the Board of
and compensation and benefits structures. This ensures equal opportunities and expansive career development platforms for every Directors for approval. The Company consistently refines its human resource management system to ensure seamless alignment
employee. During the reporting period Koal recorded no complaints related to discrimination or harassment. with overall corporate strategic objectives. Under the Board of Directors a Remuneration and Appraisal Committee has been
For female employees the Company is dedicated to providing equitable career development opportunities ensuring fair compensation established to formulate and oversee the implementation of remuneration policies and assessment standards for directors and
and benefits and effectively eliminating gender-based income disparities. Koal actively offers equal training and promotion opportunities senior management. The Company's HR Director is charged with developing human resource plans that align with the overall
for female employees supporting and nurturing their diverse skill sets. The Company encourages women to assume management corporate strategy providing critical support and recommendations for strategic decision-making from a human resources
positions breaking through traditional career limitations and ensuring increased participation and growth opportunities across various perspective. The Human Resources Department takes responsibility for formulating and executing the Company's human resource
functions and management areas. Furthermore the Company prioritizes female employees' reproductive health offering commercial planning goal-setting policies and procedures. With clearly delineated responsibilities across various levels these structures
maternity insurance and providing statutory prenatal leave maternity check-up leave maternity leave breastfeeding leave and parental collectively drive the Company's human capital development initiatives.leave. Male employees are granted statutory paternity leave (care leave) to encourage shared family responsibilities fostering a more
secure and stable work environment for female employees and supporting their long-term career development. During the reporting
period Koal implemented several initiatives to ensure female employees' career continuity growth and development:
Ongoing optimization of gender structure across various job categories and management levels;
Regular organization of gynecological examinations and provision of health consultation services;
Establishment of Mommy Rooms as dedicated spaces for mothers and infants equipped with breastfeeding and rest facilities to alleviate
concerns for pregnant and breastfeeding employees;
Organization of Women's Day celebration events and female leadership forums providing platforms for female employees to showcase
their talents and exchange experiences thereby stimulating their potential and creativity.International Women's Day event
73 742024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Strategy and Approach Employee Training
Koal's talent strategy is meticulously crafted to align with industry characteristics and the Company's overall business strategy. Koal places a strong emphasis on talent cultivation and development offering employees a robust platform for continuous
Talent review serves as a pivotal tool in realizing this strategy and the Company has established a robust process encompassing learning and growth. Through a comprehensive array of internal and external learning activities tailored for all staff members
"refining talent standards - talent selection methods - talent cultivation." the Company aims to enhance professional skills broaden perspectives and expand career development opportunities. Regular
evaluations of various training and development programs are conducted to ensure they effectively support employees' personal
career trajectories thereby providing a solid foundation of talent for the Company's sustainable growth.Conduct targeted campus recruitment talks at key universities (e.g. Shanghai University of
Electric Power Donghua University)
Koal prioritizes employee growth and development offering comprehensive and targeted
Establish joint training bases:
Set up internship bases at partner universities providing hands-on training and project-based training programs tailored to individual needs
School- learning opportunities.Enterprise Collaborate with universities to design bespoke IT innovation-related courses integrating real-
Cooperation world corporate cases into the curriculum.Co-develop an IT innovation training facility with Shanghai Technical Institute of Electronics & Cultural Dissemination
Information addressing teaching research faculty development and industry training needs.Foster industry-academia-research collaboration: Employee of the Month Recognition Outstanding Employee Awards
Enter into school-enterprise cooperation agreements with Shanghai University of Electric
Power Donghua University and Shanghai Polytechnic University.Employees interested in internal job opportunities submit detailed self-recommendation Executive-level External Training
Internal reports or Competition Application Forms to the HR Department either in writing or via
Recommendation email. The HR Department conducts a comprehensive evaluation of all submissions and Middle and Junior
and Job proposes a shortlist of candidates for competitive interviews. Upon selection an Internal Special Project Work Role Management Leadership
Competition Transfer Notice is issued to the relevant department and the successful candidate formally Assignments TransitionsTraining
assumes the new role following a structured work handover process.Sales-focused R&D Skill Implementation New Employee
Proactively expand diverse social recruitment channels leveraging a mix of online Development Enhancement Expertise Onboarding
Social professional recruitment platforms offline talent market job fairs social media outreach
Recruitment executive search firms and HR service companies. This multifaceted approach effectively reaches potential talents from varied backgrounds and professional domains establishing a
comprehensive multi-tiered talent acquisition pipeline.Koal Academy E-Learning Platform
Koal Academy Charter Training Management Policies
Talent Attraction
Koal has established a diverse array of open recruitment channels and a comprehensive Key Performance
Koal talent pool enabling precise identification of talent gaps in key positions. The
Company conducts regular talent assessments enriches its talent reserves and fosters Recognized as a
talent pipeline development. Guided by corporate strategy Koal has constructed an
efficient and equitable talent attraction system. On one hand the Company introduces "2024 Top Employer"
high-caliber human resources through external recruitment to fill critical positions by Lagou Recruitment. To further align corporate strategy with talent development Koal has established an internal training institution - the Koal
and expands its talent sources through diversified channels such as social media and Academy. This academy is designed to serve the Company's core business objectives and strategic goals emphasizing an
university collaborations thereby enhancing recruitment efficiency and improving operational philosophy of "derived from business serving the business." It plays a crucial role in supporting Koal's strategic
the match between positions and talents. On the other hand the Company uncovers transformation. As a key component of the Company's talent development ecosystem Koal Academy strengthens employee
existing talent through internal recruitment ensuring that recruitment plans closely capabilities through an integrated "training-and-practice" model while also serving as a vehicle for standardized corporate culture
align with strategy through internal and external synergy thus optimizing human dissemination. In the future it is poised to become a driving force for organizational change. During the reporting period the
resource allocation and structure. Moreover the Company places significant emphasis Company formulated the Koal Academy Charter which outlines the training management framework and lays the groundwork for
on talent integration and development particularly focusing on the recruitment and a strategy-driven talent cultivation ecosystem.onboarding experience of campus hires. By consistently refining recruitment strategies
Koal achieves full-cycle management of talent encompassing "precise introduction -
efficient empowerment - continuous retention."
7576
Culture-Driven Leadership Business Support
Initiatives Development Support Systems
Programs Training2024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Key Performance New Employee Training
Koal has enhanced its new employee training system implementing a comprehensive
model that integrates "online self-study and on-the-job guidance" with "learning
Percentage of trained employees by Average training hours per employee and assessment." This approach is designed to accelerate the adaptation period and
employee category by employee category boost new employee performance. To further support new employee development
the Company has instituted a mentorship program that encourages mutual selection
Training coverage rate for Average training hours per temporary between employees and mentors. Each new hire is paired with a mentor who
senior employees worker/labor dispatch/intern provides personalized on-the-job guidance throughout their initial adjustment phase.
100% 14.42 New employee online training session
Total investment in
employee training Leadership Training
Training coverage rate for Average training hours per
RMB 537000 mid-level employees frontline employee Koal has developed tiered leadership training plans catering to employees across
100% 14.42 various levels of the organization. The Company offers a diverse range of comprehensive and systematic management and leadership courses delivered through both online
and offline platforms. These programs are tailored for current and aspiring managers
aimed at expanding their perspectives pushing boundaries and regularly updating
Total attendance of training Training coverage rate for Average training hours per their knowledge and skills for practical application in business development.throughout the year frontline employees senior employee In an effort to foster youthful and innovative leadership while enhancing management
100% 11.76 capabilities to support steady business growth the Company sponsors promising young 7237 managers to participate in prestigious programs such as the China Europe International Business School (CEIBS) EMBA PBC School of Finance (PBCSF) EMBA and Advanced
Management Programme (AMP). Furthermore to unlock the potential of middle-level Empowering leadership training session
managers Koal engages external experts to conduct empowering leadership training.Training coverage rate for temporary Average training hours per mid-level
Total employee training hours These sessions conducted in an open and trusting environment are designed to workers/labor dispatch/interns employee and technical specialist enhance critical thinking project planning and reflective skills within the talent pool
9556.13 100% 11.76 ultimately driving the precise achievement of key business objectives.
Professional Skills Training
Annual training
hours per employee Percentage of trained employees by gender To facilitate the growth and
development of employees
14.26 Training coverage rate for Training coverage rate for across various professional
male employees female employees tracks Koal designs annual
skill training plans tailored
100% 100% to specific job requirements. T h e s e c o m p r e h e n s i v e
Training coverage rate plans encompass crucial
100% areas such as R&D testing implementation and sales
ensuring that each employee
acquires all necessary skills
Koal Academy E-Learning Platform and professional knowledge. This ongoing enhancement
Total training attendance Total course views on online of employees' professional
at Koal Academy training platform capabilities aids in clarifying their career trajectories and
1068 165 development goals.
Total training hours Total course viewing hours
at Koal Academy on online training platform
1267.20 682.9 Koal professional skills
training session
77 782024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Collaboration with External Institutions Education and Qualification Support
Koal proactively creates opportunities for employees to access high-quality external educational resources introducing The Company actively encourages and supports employees in their pursuit of higher degrees publication of academic papers
premium specialized training programs to help employees deepen their expertise in their respective fields. In 2024 the Company and acquisition of professional certifications. Through a system of incentive subsidies Koal aims to enhance employees'
collaborated with multiple external institutions to implement diverse training initiatives including sponsoring select young professional qualifications. The Company has implemented the Revised Measures for Encouraging and Rewarding Employee
managers to attend prestigious programs such as the CEIBS EMBA PBCSF EMBA and AMP providing robust support for employee Paper Publications and Measures for Encouraging and Rewarding Employees Obtaining Qualification Certificates which clearly
growth and professional development. define reward standards for these achievements. Upon approval employees can receive benefits such as expense reimbursement
and performance bonuses facilitating continuous professional growth. During the reporting period 26 employees successfully
obtained relevant professional qualification certificates and were rewarded accordingly.Compensation and Benefits
Key Performance
Koal has established a comprehensive compensation structure and a scientifically designed remuneration system. The Company
6 4 training sessions were conducted for R&D and testing positions with 2 0 8 4 total attendances. has developed and constantly refines its compensation assessment and incentive policies to provide employees with externally competitive and internally equitable compensation and benefits packages.
2 5 training sessions were conducted for implementation positions with 1 1 0 7 total attendances. Scientific Compensation Structure
2 2 762 Koal has implemented a robust compensation structure and employee evaluation system. The Company regularly assesses employees' training sessions were conducted for sales positions with total attendances. performance capabilities and attitudes providing a solid foundation for salary adjustments promotions and training decisions.
Compensation levels are benchmarked against industry peers taking into account employees' job performance and position
requirements. The Company offers competitive base salaries and performance-based pay including annual bonuses and project-
specific incentives. Furthermore an employee stock ownership plan has been introduced to establish a medium to long-term incentive
mechanism that promotes risk- and profit-sharing enabling employees to benefit from the Company's growth and development.The Company's compensation system consists of base salary performance pay allowances and bonuses. Senior management
compensation is determined based on factors such as position responsibilities capabilities and market salary trends. Their variable
Employee Development compensation is linked to the Company's operational performance and individual performance evaluation results aligning their
interests with the Company's development and growth. The compensation structure for general staff includes base salary performance
pay year-end performance bonuses and allowances. The year-end performance bonus is closely tied to the Company's overall
Career Development operational results and a comprehensive evaluation of individual behavior and achievements. This approach ensures that bonuses
are effectively linked to organizational and individual performance evaluation results allowing for dynamic management of employee
Koal prioritizes employee career development having established a comprehensive promotion system. Recognizing technology as the income. This system has proven effective in enhancing employee satisfaction and productivity while reducing turnover rates among
core of its productivity the Company has implemented a "dual-track" promotion path offering advancement opportunities in both core staff. Additionally the Company conducts regular market salary surveys to ensure its compensation levels remain competitive
management and technical roles. This structure creates an open transparent and well-defined career development framework. attracting and retaining top talent. During the reporting period all employees and departments underwent regular performance
evaluations with all management personnel and general staff particularly those in non-sales functions receiving compensation
commensurate with their evaluation results.T6 Technical Leader M4 Technical Director
Employee Performance Evaluation and Feedback
T5 Domain Expert
The Company regularly conducts performance evaluations adhering to the principles of "openness equity and fairness." Annual
M3 R&D Director
T4 Technical Expert and long-term performance assessments are carried out for the Company departments and individuals. Overall performance
M objectives are cascaded and implemented across various departments ensuring that each team and employee has clear goals anag and responsibilities leading to efficient task completion. For employees at different levels and in various roles a combination T3 Principal Engineer e ml en M2 R&D Manager of qualitative and quantitative methods is used to comprehensively evaluate key performance indicators and work objectives.ica tn Sh equ Individual performance achievements are directly linked to personal bonus coefficients. Through scientific guidance timely
T2 Senior Engineer Tec ence supervision and objective measurement the Company ensures a comprehensive and fair assessment of employee performance.To motivate employees to focus on both company and departmental performance the Company links these performance results
T1 Software Engineer M1 Assistant to the overall bonus pool encouraging employees to recognize their value and contribution within the organization. Koal has
R&D Manager established open channels for performance communication actively collecting employee feedback and fostering timely coaching
and communication between superiors and subordinates. This approach helps both employees and the organization improve
performance and achieve their goals.
7980
Sequence2024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Employee Benefits and Welfare Case Koal Children's Summer Cryptography Exploration Tour
Koal has implemented a comprehensive multi-faceted welfare system that encompasses all employees. Beyond the statutory
basic benefits the Company offers an extensive range of non-monetary benefits to its entire workforce covering health protection To support employees in achieving work-life balance and to enhance their identification with and sense of belonging to
and life support. This enhances employees' sense of belonging and well-being fostering a warm and supportive workplace the enterprise Koal organized a summer cryptography exploration tour for employees' children. This activity provided an
environment that drives high-quality enterprise development. opportunity for employees' children to understand corporate culture promoting the inheritance of corporate values and
demonstrating the Company's care for future generations and commitment to social responsibility.Statutory Social In compliance with national regulations the Company contributes to social pension insurance
Insurance and medical insurance unemployment insurance work-related injury insurance maternity insurance
Housing Fund and housing provident fund for eligible employees.The Company has established a robust leave system including paid annual leave marriage
Leave Benefits leave maternity leave and sick leave ensuring that employees' rest and personal needs are
adequately addressed.The Company provides employees with comprehensive medical insurance and health
Health Care management services including regular physical examinations and health consultations
focusing on both physical and mental well-being.Employee Care The Company attends to employees' personal needs and family circumstances offering services
such as birthday wishes and support for children's education.Employee Engagement and Communication
Koal places great importance on employee communication and exchange respects employees' opinions and suggestions and
Work-Life Balance The Company regularly organizes various cultural and sports activities for employees including actively builds positive employee relations. The Company strives to create an equitable harmonious open and transparent fitness sessions and sports competitions. communication environment for all employees.Open Communication Channels
Koal consistently invests in optimizing the office environment creating comfortable safe and creative workspaces equipped Koal has established a multi-dimensional communication system that transcends
with state-of-the-art office facilities and ergonomic work equipment to enhance the employee experience. To promote work-life hierarchical barriers providing employees with open and diverse communication
balance the Company actively organizes a diverse range of engaging employee activities such as regular team-building events channels. These include suggestion (complaint) boxes on-site complaints written
cultural and sports competitions and holiday celebrations. These initiatives strengthen communication and interaction among complaints a general manager hotline and a general manager email. The Company Collective bargaining agreement
employees fostering a warm and harmonious corporate family atmosphere. encourages employees to freely share views and suggestions across all levels Key Performancesigning rate in 2024:
constantly improving reporting procedures and handling processes ensuring
that every employee concern receives a prompt response and appropriate action.Additionally the Company respects employees' freedom of association rights to join
form or not join unions in accordance with local laws. For employees who join legally 93%
recognized unions the Company is committed to engaging in constructive dialogue
and collective bargaining with unions or employee representatives.Channel Type Functional Positioning Response Time Commitment
Human Resources Department All types of complaint handling
General Manager Hotline Direct reporting of major issues As per company policy
General Manager Email Submission of written suggestions and complaints
81 822024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Grievance Reporting Procedure
Koal has implemented an open and confidential formal grievance reporting Employee satisfaction rate
procedure that covers all regular employees and part-time personnel. Employees in 2024
are encouraged to promptly appeal to their superiors or the Human Resources
Department when experiencing any unfair treatment. The Company has designated
personnel to receive and handle employee grievances and reports. The Human 75%
Resources Department serves as the grievance reception center working in
conjunction with the Internal Audit Department to manage the reception
investigation processing and follow-up of grievances. Based on principles of
authenticity confidentiality and effectiveness the Company ensures timely
acceptance of each reasonable report and conducts independent investigations.The Company strictly maintains the confidentiality of the complainant's personal
information and the content of the complaint taking necessary measures to protect
the safety and legal rights of the complainant. Any retaliation against complainants
or information leaks once verified will be dealt with severely.Satisfaction Survey
Koal regularly conducts employee satisfaction surveys to comprehensively gather
employee opinions and suggestions listening to employee voices and demands
across multiple dimensions. The Company consistently improves its management
practices based on employee satisfaction survey data analysis and feedback.During the reporting period in response to commuting challenges identified in the
employee satisfaction survey the Company developed a commute optimization plan
adding early peak hour services and simultaneously enhancing the station coverage
of two existing commuter routes.Indicators and Targets
Impact Risk and Opportunity Management
Indicator/Target 2024 Achievement Status
Koal places paramount importance on human capital risk management meticulously identifying key areas of potential
vulnerability. The Company employs a continuous process of risk identification assessment response and monitoring of human
capital risks guided by its strategic objectives. By integrating insights from employee satisfaction surveys Koal consistently Human resource cost control ≤ 100% Target achieved
refines its human resource management strategies throughout the entire talent lifecycle encompassing "attraction development
utilization and retention." This comprehensive approach ensures that human capital development risks remain within
manageable parameters enabling high-quality organizational growth through a high-caliber talent pool. Employee training rate 100% Target achieved
Analysis of Human
Capital Risks Response Strategies
Strategic and organizational Enhance human capital risk identification and assessment mechanisms
change risks maintaining an up-to-date human capital risk inventory.Core technical talent attrition risks Implement a scientifically robust human resource management system Occupational Health and Safety
Skills and business needs featuring demand-driven strategic talent pool planning. Conduct regular
mismatch risks talent and organizational assessments aligned with the Company's strategic
Insufficient international talent direction and business development trajectory effectively mitigating
reserve risks reducing or transferring identified risks. Koal rigorously adheres to pertinent laws and regulations including the Law of Key Performance
Prioritize the recruitment of technical talent that aligns with the Company's the People's Republic of China on the Prevention and Control of Occupational Performance incentive and evolving needs while conducting targeted specialized training for existing Diseases and the Provisions on the Supervision and Administration of Occupational compensation competitiveness employees to enhance skill adaptability. Health at Work Sites while fully complying with the requirements of the ISO 45001 Koal has obtained ISO 45001 risks
Establish clear and measurable performance standards foster open management system. The Company consistently enhances its occupational health- Occupational Health and Safety Diversity and inclusion risks communication and feedback channels and constantly refine performance related policies and regulations establishes robust procedures for identifying and Management System certification.Insufficient training and management tools and processes. addressing potential risks and opportunities and implements comprehensive
development risks daily supervision and inspection protocols. By prioritizing health and safety across Implement regular employee satisfaction surveys to identify potential
Compliance and employment risks all business operations the Company ensures the safeguarding of employees' issues in talent management processes and develop targeted improvement occupational health.initiatives.
83 8420244 E年nv环iro境nm、en社ta会l S及oc公ia司l an治d理 Go(veErnSaGn)ce报 (E告SG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Establish The Company has appointed dedicated Management Representatives and Employee Safety
Community Engagement
Management Representatives for the Occupational Health and Safety Management System. These individuals are
Structure tasked with establishing implementing and enhancing the occupational health and safety management system as well as coordinating and addressing related issues that arise during system operation.Koal is committed to enhancing urban and rural public infrastructure and supporting the advancement of education science and
technology culture health and sports in the public sector. The Company actively encourages its employees to participate in social
The Company has formulated and constantly refines a comprehensive set of safety management volunteer activities thereby giving back to society with tangible actions.Develop and occupational health-related regulations including the Fire Safety Management System and Fire
Management Control Procedures. Furthermore a Quality Environmental and Occupational Health and Safety
Policies Management Manual has been compiled to bolster workplace safety protection effectiveness and Total charitable
foster a high-quality healthy and secure working environment for all employees. donations and external Rural revitalization efforts
contributions
The Company has established specific occupational health and safety objectives targeting "zero RMB 200000
major safety incidents" and "zero major fire incidents." To facilitate the achievement of these RMB 200000
Set Annual objectives the Company cascades them across functional departments and formulates tailored
Objectives management and evaluation plans thereby ensuring the effective implementation of preventive
measures and reinforcing the foundation of its occupational health and safety management.Regular internal audits management reviews and external audits of the ISO 45001 management
system are conducted to ensure continued compliance with system standards. Rural Revitalization
In an effort to strengthen east-west
The Company has implemented a robust Hazard Identification Risk Assessment and Risk Control support collaboration between Shanghai's
Planning Procedure to standardize the process of hazard identification and evaluation. This Chongming District and Yunnan Province's
procedure clearly delineates operational requirements including risk avoidance risk reduction Lincang City Koal has partnered with
Address Safety and risk acceptance measures ensuring comprehensive coverage of safety risk management Guodazhai Township in Fengqing County.Risks across all business processes and enhancing overall risk resilience. The Company established the Qiongying
Safety Risk Management Process: Planning and organization hazard identification risk Ancient Tree Tea Professional Cooperative
assessment determination of significant hazards risk control evaluation and implementation. as a designated industry collaboration
project. This initiative invested RMB
200000 in purchasing Qiongying ancient
tree tea benef i t ing over 800 local
households and boosting the revitalization
To address potential emergencies in daily operations and workplace scenarios the Company has of rural industries.implemented an Emergency Preparedness and Response Control Procedure alongside specific
emergency plans for various safety incidents. These protocols encompass a comprehensive
Conduct management process from emergency preparation and response to drill execution and post-drill Koal's designated industry collaboration project - Qiongying
Emergency Drills analysis ensuring 100% implementation of plans and full coverage for all employees. Ancient Tea Targeted Harvesting Base
The Company regularly organizes diverse safety emergency drills simulating real-world emergency Charitable Education Support
situations to constantly refine response measures and enhance the emergency management
capabilities of all personnel. During the reporting period Koal conducted two safety emergency drills. Koal has developed non-profit research and study bases for schools focusing on key themes such as "digital economy" "cryptography"
and "information technology innovation." These centers provide teachers and students with opportunities to gain insights into the
development and trends of the information technology innovation industry as well as the role of cryptographic technology as security
foundations through interactive learning experiences. The Company offers complimentary access to its facilities including server
rooms IT innovation adaptation and verification practice areas and cryptography factories. This allows visiting schools to witness
Key Performance firsthand the increasing capabilities of domestically produced independent and controllable server systems.Health and safety Work safety accidents Health and safety Voluntary Blood Donation
investment throughout the year: training coverage:
In 2024 four Koal employees demonstrated
RMB 225000 0 100% their commitment to social responsibility by participating in blood donation drives. Their
actions not only contributed to alleviating
Work-related injury rate: Occupational disease the shortage of medical blood supplies but
incidence rate: also inspired fellow employees to engage in 0% similar charitable activities.0%
Number of Workdays lost due to
work-related fatalities: work-related injuries:
00
Koal employees at the blood donation site
85 86Green and
Low-Carbon Operations
89 Environmental Management System
91 Climate Change Mitigation
95 Green Operations
Contributing to the UN SDGs2024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Environmental Management System Environmental Management Process
Koal has implemented a comprehensive environmental management framework Key Performance Define
based on the ISO 14001 Environmental Management System ensuring compliance Environmental Establish quantifiable Achieve 100% classified
with relevant domestic and international laws regulations and standards including Management environmental
the Environmental Protection Law of the People's Republic of China and the Energy Obtained ISO 14001 management targets: disposal of solid waste.Objectives
Conservation Law of the People's Republic of China. The Company has developed Environmental Management
a suite of policy documents such as the Environmental Management Manual and
Environmental Monitoring and Measurement Procedures. Koal regularly conducts System certification.environmental risk assessments organizes company-wide environmental protection
training and implements awareness-raising initiatives aiming to mitigate the
environmental impact of its operations. During the reporting period the Company Develop Based on the environmental management targets each operating location creates annual
reported no environmental pollution incidents received no environmental Environmental environmental management work plans that comply with relevant national and regional
administrative penalties and experienced no major environmental accidents. Management regulations and align with their specific circumstances.Plans
Koal has established a robust environmental management structure and process. The General Manager assumes overall leadership Internal Audit: The Company conducts annual internal In 2024
responsibility for environmental management coordinating related activities across business operations. The Management reviews of its environmental management system Koal conducted internal
Representative ensures the establishment implementation and maintenance of environmental management system processes. Implement following the Management Review Control Procedure 1
Each functional department is tasked with identifying and evaluating environmental factors and potential hazards within their Environmental and Internal Audit Procedure . Corrective actions are audit review and underwent
area setting departmental environmental objectives and monitoring progress towards these goals. Management proposed and monitored based on review findings.Audits 1 external audit.External Audit: The Company undergoes annual third-
party environmental audits from external stakeholders.General Manager Management Representative Functional Departments
Establish environmental policies Oversee the establishment Identify and assess environmental
and objectives aligned with the implementation and maintenance factors and potential hazards Conduct The Company carries out regular on-site inspections and supervision to identify and
Company's strategic direction. of environmental management within their department. Routine Environmental address gaps in environmental management practices ensuring the effective operation of
Integrate environmental system processes. Develop departmental Monitoring the environmental management system.management system requirements Report to the General Manager on environmental objectives and
into business operations and secure the environmental management monitor their achievement status.necessary resources. system's performance and
Ensure company-wide internal audit results including
understanding and implementation improvement recommendations. The Company has developed and regularly updates the Emergency Preparedness and
of environmental policies Enhance Response Management Procedure. Annual environmental emergency drills are conducted
promoting process-based Environmental to prepare for potential incidents and mitigate environmental impacts. During the
approaches and risk-based thinking. Emergency reporting period the Company executed 2 environmental emergency response drills.Management
The Company actively promotes an environmental protection culture. Employees
enthusiastically participate in tree-planting activities organized by the industrial park.Foster a
Robust
Environmental
Culture
89 902024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Climate Change Mitigation Strategy and Approach
The Company has conducted a comprehensive analysis and assessment of climate change risks (including physical risks and
transition risks) and opportunities facing its business operations.In response to global climate change Koal actively supports the national "dual carbon" goals. The Company adheres to the
framework recommendations outlined in the Guidelines No. 14 of Shanghai Stock Exchange for the Self-Regulation of Listed Risk/ Risk/Opportunity Impact Potential Response
Companies—Sustainability Report (Trial) proactively identifying various risks that climate change poses to its business operations. Category Opportunity Description Financial Period Measures
By integrating four key dimensions - climate change-related governance strategy impact risk and opportunity management and Type Impact
indicators and targets - Koal actively develops response measures. These efforts aim to enhance the Company's resilience in the Implement timely forecasting and
face of climate change scenarios and constantly improve its ability to address climate risks. Severe climate events such as typhoons warning systems for extreme weather
and floods may lead to extreme weather events. Develop comprehensive
or natural disasters potentially affecting Revenue emergency response plans for extreme
Governance Acute Koal's infrastructure servers and other
decline cost weather scenarios. Stockpile emergency
Physical equipment across various operational Short-term increase supplies and conduct regular emergency
Risks sites. This could result in a series of direct medium-term liability rise drills to enhance response capabilities.The Company has seamlessly integrated climate change-related functions into its ESG governance structure clearly delineating or indirect economic losses including and asset Prioritize climate-resilient areas
management responsibilities across various levels. This facilitates comprehensive discussions on climate change-related issues asset damage increased repair costs and
impairment
when selecting new operational sites
enables the identification of climate risks and opportunities and supports the development of targeted measures to address higher insurance premiums.Physical Risks thoroughly considering local historical
climate change. data on natural disasters.Climate change-induced rise in average
temperatures increases the need for Consistently optimize energy efficiency
ventilation and cooling in office spaces. and implement robust monitoring Chronic Revenue of energy use. Enhance precision
Physical This could negatively impact the normal Medium-term
Risks operation and lifespan of the Company's long-term
decline and cost management of energy consumption
servers and other hardware while also increase through advanced statistics and
leading to increased energy consumption monitoring systems. Actively promote
Board of Directors and ESG Committee and operational costs. green office practices among employees.The Assume a leadership role in managing and decision-making on climate change issues As progress is made towards "dual Management carbon" goals stricter domestic and Closely monitor changes in international
Bodies Oversee climate change management decisions. Policy and international policies and regulations Revenue and domestic environmental and carbon-
Review and approve climate action strategic planning goals implementation progress Regulatory are being introduced to mitigate climate Short-term related laws regulations and policies.climate risk and opportunity assessment results and overall management status. Risks change. The gradual advancement of medium-term
decline and cost
carbon emissions trading mechanisms increase
Strengthen compliance management
strategies in alignment with the
exposes the Company to heightened Company's specific circumstances.compliance risks.Influenced by climate change and global
energy transition prices for energy
(electricity steam) water and hardware Forge strategic partnerships with high-
facilities are likely to increase leading to Revenue quality collaborators to bolster supply
ESG Executive Committee higher operational costs. decline cost chain resilience and risk response
Market Risks Medium-term increase As demand for climate-friendly products capabilities.Function as the executive body of the ESG Committee coordinating the comprehensive long-term liability rise and services grows the Company may and asset Intensify research and application efforts implementation of climate change issue management Transition Risks face operational risks such as pressure on impairment in green products and solutions to stay
Guide the design and execution of strategies objectives and initiatives related to climate product pricing increased raw material ahead of changing market trends.change issues. costs and potential misalignment of products with evolving market demands.Assess and manage climate change-related risks and opportunities.The Regularly collate and summarize the progress and effectiveness of climate change-related Conduct rigorous feasibility studies
Execution work providing comprehensive reports to the ESG Committee. Investment in research and application on the R&D and application of green
Bodies Technology of new green products and technologies Revenue products and solutions. Actively engage
Risks may lead to decreased product demand
Short-term
medium-term decline and cost in industry collaborations and work
Functional Departments and revenue if customers do not accept increase closely with value chain partners to these innovations. promote low-carbon technology R&D
and application.Manage and supervise the execution of specific climate-related work
Spearhead the implementation of climate-related actions across various business units Increasingly stringent environmental
supporting company-wide climate strategy implementation. Reputational performance disclosure requirements
Monitor market regulatory and disclosure
increase compliance costs associated Short-term Cost increase requirements across various regions and
Execute energy use optimization and carbon reduction plans at the operational level. Risks with maintaining or enhancing corporate medium-term implement comprehensive compliance
reputation. measures.
91 922024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Risk/ Risk/Opportunity Potential Indicators and Targets
Category Opportunity Impact Description Financial
Response
Type Period Impact Measures
The Company's development and Capitalize on opportunities for green Greenhouse Gas Emissions
innovation of climate-friendly products transformation and upgrade. Develop
Products and technologies catering to customers Short-term Revenue targeted products and technologies that
and Services with environmental protection and medium-term growth not only meet basic customer needs but Direct greenhouse gas emissions (Scope 1) Indirect greenhouse gas emissions (Scope 2)
energy-saving needs can unlock new also incorporate environmentally friendly
Climate growth opportunities. technologies. tons of CO2 equivalent tons of CO2 equivalent
Opportunities
Achieve dual benefits of cost savings and 0 1104.22
Resource environmental protection by adopting Integrate energy-saving technologies and
Efficiency energy-efficient technologies and
Short-term Revenue equipment across all operational facets
equipment to reduce energy consumption medium-term growth driving down energy costs.in operations. Total greenhouse gas emissions (Scope 1 and Scope 2) 1
Greenhouse gas emission intensity
tons of CO2 equivalent tons of CO2 equivalent/RMB 10000 revenue
1104.220.0209
Impact Risk and Opportunity Management 1 Greenhouse gas emissions reported here refer exclusively to carbon dioxide emissions and do not encompass other greenhouse gas types such
as methane and nitrous oxide emitted from other sources. Scope 2 greenhouse gas emissions represent emissions caused by purchased electricity
and heat. The electricity emission factor is derived from the Announcement on the Release of Carbon Dioxide Emission Factors for Electricity in 2022
To address potential risks and capitalize on opportunities brought about by climate change Koal has established a robust process (Announcement No. 33 of 2024) jointly issued by the Ministry of Ecology and Environment and the National Bureau of Statistics.and framework for managing climate risks and opportunities. Through a combination of internal research industry studies and
external recommendations the Company systematically identifies analyzes evaluates and manages significant climate change
risks and opportunities. Based on comprehensive risk identification results a climate risk-opportunity matrix and targeted
mitigation measures are developed promoting the integration of climate risk management into the company-wide multi-
departmental risk management process to actively address climate change challenges.Climate Risk and Opportunity Identification Analysis Evaluation and Management Process
Climate Risk-Opportunity Climate Risk and
Climate Risk-Opportunity Research Identify Risk-Opportunity Inventory Materiality Analysis and Assessment Opportunity Management
Conduct preliminary identification of climate risk Identify climate risks and opportunities within Conduct a thorough assessment of the impact Perform in-depth material ity analysis and
and opportunity types including physical risks the industry and along the value chain forming period and materiality level of climate risks and financial impact assessment of climate risks and
transition risks and climate opportunities based a comprehensive risk inventory. opportunities leveraging internal research opportunities developing key response strategies.on disclosure recommendations from authoritative Screen risks and opportunities relevant to industry studies and external recommendations. The ESG Executive Committee funct ional
sources such as the Guide No. 4 for Self-Regulatory Koal based on internal and external expert departments branches and controlled subsidiaries
Supervision on Listed Companies of the SSE — recommendat ions databases and other implement targeted r isk management and
Compilation of Sustainable Development Reports credible sources. response initiatives developing comprehensive
(Draft for Comments) and the IFRS S2 Climate- risk treatment plans. The ESG Committee regularly
related Disclosures. monitors and tracks implementation progress to
ensure effectiveness.
93 942024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Green Operations
Koal actively promotes green and low-carbon operational practices incorporating climate change considerations into its business
control processes. The Company consistently improves its environmental performance in areas such as energy usage water Indicator Unit 2024
resource management and waste disposal. By implementing energy-saving measures ensuring proper waste management and
fostering a green culture Koal creates an environmentally friendly office environment thereby reducing the environmental impact Purchased electricity 10000 kWh 205.78
of its operations.Total energy consumption1 tons of standard coal equivalent 252.91
tons of standard coal equivalent/
Energy Management Energy consumption intensity 0.0048RMB 10000 revenue
We have established energy management policies including the Electricity Saving Management Measures. Through various
initiatives we strive to reduce greenhouse gas emissions and actively address climate change.1 Total energy consumption is calculated in tons of standard coal equivalent in accordance with the General Rules for Calculation of the
Comprehensive Energy Consumption (GB/T 2589-2020) issued by the State Administration for Market Regulation and the Standardization
Administration of China.Lighting electricity management
We maximize the use of natural light turning off unnecessary
lighting fixtures when daylight is sufficient. Natural light is
prioritized in window-adjacent office areas. The number of
lighting fixtures is adjusted according to area-specific functional
requirements with reasonable control of lighting brightness.Lighting in corridors meeting rooms restrooms and other public
areas is turned off when unoccupied and lighting schedules are
set based on actual usage patterns to avoid waste.Office equipment management
We require employees to turn off computers printers copiers
and other equipment when not in use. Devices are set to sleep
mode or turned off when not used for extended periods (over
1 hour). Double-sided printing and copying are promoted to
reduce paper consumption and equipment power usage.Air conditioning temperature control
We set summer air conditioning temperature no lower
than 26 ° C and winter temperature no higher than 20 ° C.Human comfort is balanced with energy-saving needs by
adjusting temperature (every 1° C change) to optimize energy
consumption. Air conditioning cooling capacity is reasonably
adjusted based on server heat generation and server room
ambient temperature to ensure the server room temperature
remains within the specified range while reducing air
conditioning energy consumption.Energy conservation and
environmental protection promotion
We display compelling green energy-saving slogans on
prominent large screens consistently exposing employees
to green energy-saving concepts during daily work. This
approach subtly enhances energy conservation awareness
among staff.
95 962024 Environmental Social and Governance (ESG) Report Forging a Digital Shield Efficient and Robust Operations Striving for a Shared Prosperous Future Green and Low-Carbon Operations
Water Resource Management Waste Management
The Company's primary water consumption is attributed to daily office use with the municipal water supply serving as the The Company primarily generates waste in the form of office paper courier boxes ink cartridges toner cartridges waste fluorescent
main source. We have designed and implemented efficient water resource management measures for our business activities tubes and discarded electronic equipment. We actively encourage waste reduction recycling and reuse aiming to minimize waste
establishing plans to reduce water consumption. By adopting appropriate measures to achieve water management goals we generation where feasible and mitigate the environmental impact of waste disposal.constantly improve our water usage performance.Green procurement
Water equipment management Office drinking water management We prioritize the purchase of environmentally friendly biodegradable or recyclable materials reducing environmental
pollution and resource waste.We have installed faucets with temperature-controlled We dynamically adjust the supply of bottled water
automatic shut-off functions in public restrooms to based on seasonal variations reasonably increasing
prevent water waste caused by prolonged water flow. supply during high-consumption summer months
Regular inspections of water facilities are conducted and reducing allocation during low-consumption Equipment downgrading
and leaks are promptly repaired to ensure effective winter months. The provision of individual bottled
utilization of water resources. water in daily office scenarios has been discontinued For electronic equipment such as servers hosts hard drives and computers we have established an internal equipment
with employees encouraged to use centralized water allocation platform to reassign devices suitable for downgraded use between different departments or projects within the
dispensers instead. Company. Hard drives with remaining storage capacity and read/write speeds suitable for non-critical operations are removed
from high-performance hosts and installed in office computers with lower storage requirements for secondary utilization.Drinking water equipment maintenance Water conservation promotion Equipment recycling
We carry out regular maintenance and inspections We conduct employee awareness campaigns We repurpose refurbished equipment within the Company and explore external reuse channels such as collaborating with
of water dispensers to ensure normal operation of encouraging the use of personal water bottles to small enterprises to sell idle but still functional computers at discounted prices.heating/cooling functions preventing equipment reduce disposable paper cup consumption. This
malfunctions that could lead to water waste. approach also mitigates water waste from bottled
water dispensers due to casual usage (e.g. over-
dispensing and discarding unconsumed water). Paperless office
We extensively utilize ERP systems encouraging employees to store share and approve documents electronically. For
instance through the Company's internal cloud storage system employees can conveniently store and retrieve various
documents replacing traditional paper file cabinets.Indicator Unit 2024
Indicator Unit 2024
Water Resource Total water consumption tons 202322
Consumption Paper tons 1.15Water consumption intensity kg/RMB 10000 revenue 3.82
Toner cartridges / 4
Waste Discharge
Ink cartridges / 95
Non-hazardous waste intensity kg/RMB 10000 revenue 0.22
97 98Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
Appendix Supply Chain Management
Indicator Unit 2022 2023 2024
Total number of suppliers Companies 66 68 64
Number of domestic suppliers Companies 66 68 64
Key Performance Table Number of overseas supplier Companies 0 0 0
Economic Performance Information Security and Privacy Protection
Indicator Unit 2022 2023 2024 Indicator Unit 2022 2023 2024
Operating revenue Billion RMB 0.660 0.561 0.529 Number of major service/information security incidents Times 0 0 0
Net profit attributable to shareholders of the Annual training coverage rate for information security/
Million RMB -9 37 37 % 100% 100% 100%
parent company information technology services
Total assets Billion RMB 1.746 1.661 1.670 Number of data breach incidents Times 0 0 0
Total tax payment Million RMB 68.7196 29.6828 41.9318
Basic earnings per share RMB/share -0.04 0.16 0.16
Employment
Indicator Unit 2022 2023 2024
Corporate Governance Total number of employees Persons 923 821 679
Number of employees recruited during the reporting period Persons 168 123 75
Indicator Unit 2022 2023 2024 Number of employees Male Persons 758 657 537
Total number of Board members Persons 9 9 9 by gender Female Persons 165 164 142
Proportion of independent directors % 33.33% 33.33% 33.33% Senior management Persons 6 6 7
Major corruption and bribery incidents Cases 0 0 0 Number of employees Middle management Persons 110 116 82
by hierarchical level
Entry-level employees Persons 807 699 590
29 years old and below Persons 410 321 210
R&D Innovation 30-39 years old Persons 340 322 293
Number of employees
40-49 years old Persons 150 158 153
Indicator Unit 2022 2023 2024 by age
50-59 years old Persons 19 15 20
Total R&D investment Million RMB 92.7666 98.5999 97.8889
60 years old and above Persons 4 5 3
R&D investment as a percentage
%14.07%17.57%18.49%
of operating income Number of employees Chinese employees Persons 923 821 679
Number of newly granted patents Items 8 9 13 by region Overseas employees Persons 0 0 0
Cumulative number of granted patents Items 58 67 84 Employees with associate Persons 245 246 170
degrees or below
Number of newly registered
Items / / 15
software copyrights Employees with bachelor's degrees Persons 616 516 455
Number of employees
Cumulative number of registered
Items / / 197 by educational level Number of employees with
software copyrights Persons 59 56 51graduate/MBA degrees
Number of employees with bachelor's
Persons 3 3 3
degrees or above
Products and Services Number of employees Regular employees Persons 913 791 663
classified by Temporary workers/labor
Indicator Unit 2022 2023 2024 employment type
Persons 10 30 16
dispatch/interns
Incoming material inspection pass rate % / / 100% Employee turnover rate % 20% 28% 23.95%
Software retesting confirmation rate % / / 100% Employee turnover rate Male employees % 77% 80% 19.75%
Customer service satisfaction rate % 93% 99.1% 98.2% by gender Female % 23% 20% 4.20%
99 100Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
Employment Health and Safety
29 years old and below % 54% 51% 10.22% Work injury rate % 0% 0.2% 0%
30-39 years old % 32% 33% 7.95% Occupational disease incidence rate % 0% 0% 0%
Employee turnover
40-49 years old % 13% 13% 5.33% Number of employee fatalities due to work-related incidents Persons 0 0 0
rate by age
50-59 years old % 1% 3% 0.34% Number of working days lost due to work-related injuries Day 0 180 0
60 years old and above % 0% 0% 0.11%
Community Engagement and Public Welfare
Diversity and Equal Opportunities
Indicator Unit 2022 2023 2024
Indicator Unit 2022 2023 2024 Total investment in public welfare and external donations Million RMB / / 0.2
Proportion of female employees % 18% 20% 21%
Proportion of minority employees % 2% 3% 3%
Proportion of employees with disabilities % 1% 1% 2% Environmental Performance
Proportion of female employees in middle management % / / 17.74%
Proportion of female employees in senior management % / / 8.3% Indicator Unit 2022 2023 2024
Purchased electricity Million kilowatt hours / / 2.0578
Employee Training Total energy consumption Tons of standard coal / / 252.91
Indicator Unit 2022 2023 2024 Tons of standard coal/RMB Energy consumption intensity / / 0.0048
10000 of revenue
Total investment in employee training Million RMB / 1.6202 0.537
Total attendance of training throughout the year Attendance 6149 9918 7237 Direct greenhouse gas emissions (Scope 1) Tons of CO2 equivalent / / 0
Annual training hours per employee Hours 8108.28 19668.63 9556.13 Indirect greenhouse gas emissions (Scope 2) Tons of CO2 equivalent / / 1104.22
Annual training hours per employee Hours 8.78 23.67 14.26
Greenhouse gas emissions (Scope 1 and 2)2 Tons of CO2 equivalent / / 1104.22
Training coverage rate % 56% 99% 100%
Average Temporary workers/labor dispatch/interns Hours 0.10 0.86 14.42 Tons of CO equivalent/RMB Greenhouse gas emission intensity 2 / / 0.0209
training hours Entry-level employees Hours 8.69 22.80 14.42 10000 of revenue
per employee
by employee Mid-level managers and key technical personnel Hours 1.05 3.34 11.76 Total water consumption Tons / / 202322
category Senior management personnel Hours 0.06 0.17 11.76
Water consumption intensity Tons/RMB 10000 revenue / / 3.82
Non-hazardous waste emission intensity kg/RMB 10000 revenue / / 0.22
Health and Safety
Note 1. Total energy consumption: Calculated in terms of tons of standard coal in accordance with GB/T 2589-2020 General Rules for Calculation of
Indicator Unit 2022 2023 2024 Comprehensive Energy Consumption issued by the State Administration for Market Regulation and the Standardization Administration of China.Investment in health and safety Million RMB 0.0566 0.3666 0.225 Note 2. Greenhouse gas emissions: Refers only to carbon dioxide (CO2) emissions and does not include other types of greenhouse gases such as
methane (CH4) or nitrous oxide (N2O) from other emission sources. Scope 2 greenhouse gas emissions: Emissions resulting from the consumption of
Annual production safety incidents Cases 0 2 0 purchased electricity and heat. The electricity emission factor is based on the Notice on the Release of the 2022 Electricity Carbon Dioxide Emission
Factors (Announcement No. 33 [2024]) jointly issued by the Ministry of Ecology and Environment and the National Bureau of Statistics.
101 102Koal Software Co. Ltd. 2024 Environmental Social and Governance (ESG) Report
Indicator Index Table Shenzhen Stock Exchange Sustainability
Reporting Framework GRI 1: Foundation 2021
Reporting Guidelines
Koal has reported the information referenced in this index for the period from January 1 2024 to December 31 2024 in accordance
with the Guidelines No. 14 of Shanghai Stock Exchange for Self-Regulation of Listed Companies—Sustainability Report (Trial) and Business Ethics and Anti- Article 11 Article 19 Article 54 Article 55 (1) Article 55 (2) 2-273-32-273-3205-2206-
with reference to the GRI Standards. Corruption Article 55 (4) Article 56 (1) Article 56 (2) 1205-2206-1
Party Leadership / /
Shenzhen Stock Exchange Sustainability
Reporting Framework GRI 1: Foundation 2021
Reporting Guidelines
Striving for a Shared Prosperous Future
Message from the Chairman / /
Workplace Diversity and
Article 49 Article 50 (I) 2-7401-1405-1406-1
About This Report / 2-22-3 Inclusion
About Koal 2-12-62-23 Human Resource
Article 11 Article 19 Article 50 (1) Article 50 (3) 401-2404-1404-2404-3
Development
Article 12 (1) Article 12 (2) Article 12 (4) Article
12 (5) Article 13 Article 14 (1) Article 14 (2)
2-92-132-142-162-293-13-
Sustainable Development Management Article 14 (2) Article 15 (3) Article 17 Article Occupational Health 403-1403-2403-3403-5403-
23-3 Article 50 (2)
18 (1) Article 18 (2) Article 18 (3) Article 18 (4) and Safety 8403-9403-10
Article 51 Article 52 Article 53 (1) Article 53 (2)
Community Engagement Article 38 Article 39(1) Article 39(2) Article 39(3) Article 40 203-1203-2
[Special Topic] Koal's Green Products
Article 20 Article 28 Article 37(II) 302-5
and Solutions
Green and Low-Carbon
Forging a Digital Shield Operations
Article 11 Article 19 Article 41 Article 42 (1)
Innovation as a Driving Force 203-1416-1 Environmental
Article 42 (2) Article 42 (3) Article 42 (4) Article 29 Article 33(1) Article 33(2) Article 33(3) 2-27Management System
Article 11 Article 19 Article 44 Article 47 (1)
Safeguarding Customer Privacy 3-3418-1
Article 47 (2) Article 47 (3) Article 47 (4) Article 11 Article 19 Article 20 Article 21 Article 22 (1) 201-23-3302-5305-1305-
Climate Change Mitigation Article 22 (2) Article 22 (3) Article 23 (1) Article 23 (2)
Article 11 Article 19 Article 48 (1) Article 48 (2) 203-2416-1417-1417-2417- Article 23 (3) Article 24 Article 25 (3) Article 26 Article 27
Protecting Data Security
Article 48 (3) Article 48 (4) 3418-1
2-273-3302-1302-3303-
Sustainable Supply Chain Article 44 Article 45(1) Article 45(2) Article 46 204-1308-1414-1414-2 Green Operations Article 34 Article 35(1) Article 35(3) Article 36(1) 5305-1305-2305-4306-
3306-4306-5
Industry Ecosystem Development / /
Appendix
Efficient and Robust Operations
Key Performance Table / /
Corporate Governance / 2-102-122-272-153-3
Risk and Compliance Management / / Indicator Index Table / /
103 104Koal Software Co. Ltd.
Address: Building A2 G60 Commercial Cryptography Industrial Base No. 1-7 Lane 58
Muchuan Road Sijing Town Songjiang District Shanghai China
Tel: +86 021-62327010
Fax: +86 021-62327015
沪公网安备31011802005267号
