Consistently regarding suppliers as important business partners, Beijing Enterprises Urban Resources attaches great importance to establishing a good, win-win, and close business relationship with them in a bid to integrate resources of both sides to enhance service quality. the Group formulated the Supplier Management System(《供貨商管理制度》), the Inventory Material Management Measure (《庫存物資管理辦法》, the Collected Material Acceptance Standards (《集採物資驗收標準》) , the Supply Chain Management System (《供應鏈管理制度》),and Supplier Management Policy (《供應商管理政策》), comprehensively promoting the standardization, digitization, and greening of supply chain management.
The Group strengthens and standardizes the management of suppliers, categorizing suppliers into three main types: qualified suppliers, reserve suppliers, and blacklisted suppliers. Qualified suppliers are further divided into strategic suppliers, Class A suppliers, Class B suppliers, and trial suppliers based on various considerations such as enterprise qualifications and performance, after-sales service capabilities, on-site inspections, quality management, progress management, receipt inspection, labour use, environmental protection, and safety risks. The Supplier Management Policy of the Group requires all suppliers to adhere to labour standards, human rights protection, health and work safety, environmental protection, and business ethics.
The Group abides by the requirements of relevant internal regulatory document such as the Supplier Management Policy to deepen the control of environmental and social risks at various stages of the supply chain. During the shortlisting and selection stage, the Group fully implements the online registration and approval system of the recruitment system, and formulates shortlisting standards based on the different suppliers, requiring all suppliers to optimize the use of natural resources, avoid the use of prohibited substances, and properly manage waste. Suppliers with significant quality issues, administrative penalties or dishonest records, or major safety production accidents and other environmental and social risks will not be included in the qualified supplier database. Furthermore, the Group vigorously promotes the development of a green supply chain, giving priority to excellent suppliers with good ESG performance. Suppliers with green credentials, such as ISO9001 quality management system certification, ISO14001 environmental management system certification, OHSAS18000 occupational health and safety management system certification, and SA8000 social responsibility certification will receive audit bonus points and preferred recommendations.
During the supplier cooperation phase, the Group conducts annual supplier evaluations as a routine, assessing project companies’ suppliers of equipment, materials, engineering construction, technical consulting and other business, to ensure compliance with the Supplier Management Policy . In 2023, 272 suppliers participated in the evaluation. Furthermore, the Group employs a combination of online and offline methods to comprehensively assess suppliers. Multi-dimensional supplier data are collected through the procurement system’s supplier management module, and supplier on-site assessments are conducted by the Supply Chain Management Center in coordination with other functional departments and regional/project companies. The Group carries out class based management for suppliers with differentiated policies applied based on evaluation results, aiming to comprehensively reduce cooperation risks and environmental and social risks in the supply chain and achieve strategic cooperation and mutual development with high-quality suppliers.
The Group encourages suppliers to obtain ESG-related certifications and participate in ESG training. We offer suggestions for improving ESG management and provide support to suppliers through information sharing, two-way communication, high-level discussions, supplier incentives, and assistance. We also conduct ESG-related training for employees in the procurement department to enhance the capabilities of both parties in terms of technology, cost, service, response efficiency, and ESG performance, thereby co-creating value with our suppliers.
the first phase of the Group’s supply chain digitalization was completed and put online. Using efficient information management tools to transfer offline operation to online, including bidding inquiry and comparison, supplier price entry, contract signing, procurement plan management, order generation, logistics tracking, and purchase warehousing, picking and delivery, supplier reconciliation and evaluation and other business sectors. Moving offline business to online can save a significant amount of resources in generating and transmitting paper documents each year. During the implementation of digital supply chain construction, we managed the group’s commonly used materials and equipment in a refined category, unified standards, specifications, and names, standardized the procurement process of hundreds of project companies in the Group, and transformed information technology into a link between the headquarters’ management center and the field. The network nerves of the front-line execution of the member companies keep the entire group in sync, form a joint force, and improve procurement supply chain execution.
In 2021, the Group carried out the snow and ice removal business for the Winter Olympics to facilitate the smooth Winter Olympics. For the snow melting agent necessary for snow removal business, we strictly implemented relevant requirements of national standards, and widely purchased and used the environmentally-friendly and pollution-free “non-chlorine organic snow melting agent”, which had no damage to the roads and the surrounding soil, and were beneficial to the growth of green trees in the competition area in the coming year, thereby making contribution to building green Winter Olympics
In order to improve the quality of lubricating oil and tire procurement, the Group intensified the assessment on the green qualification of suppliers to realize unified tire supply from industry-leading partners and implement centralized procurement of tires for the whole Group, which solved the problems of the increased usage, shortened vehicle service life and increased environmental pollution caused by the inconsistent quality review standards in the independent procurement of project companies.
The Group always strictly adheres to by the Cybersecurity Law of the People’s Republic of China (《中華人民共和國網絡安全法》), the Personal Information Protection Law of the People’s Republic of China (《中華人民共和國個人信息保護法》), the Civil Code of the People’s Republic of China (《中華人民共和國民法典》), and other laws and regulations. in accordance with the aforementioned laws and regulations, we have established the Group-wide internal management systems, including the Information System Data Backup and Recovery Management System (《信息系統數據備份與恢復管理制度》), the Information Security Incident Management System (《信息安全事件管理制度》) and the Information System Emergency Response Plan(《信息系統應急預案》) to safeguard information security. Zhongyan Property Management, a subsidiary of the Group, strictly complies with the Property Management Regulations of Beijing Municipality (《北京市物業管理條例》) and other relevant regulations and is committed to the principle of protecting the privacy of its customers. In addition, Zhongyan Property Management also has its employees sign confidentiality agreements and service commitment letters to ensure that the privacy of customers is fully protected during its property management services.
The executive management of the Group is responsible for approving security plans and security management systems, coordinating and directing the emergency response to information security incidents, and overseeing the execution of information security management. Heads and technicians of the information management department are responsible for the specific tasks of information security. Additionally, open channels are established to allow employees to report information security risks and potential hazards identified in their work processes. The Group places great emphasis on information security and integrates it into employee performance evaluations. Employees who violate information security or cybersecurity will face penalties in the form of downgrades in their performance ratings.
The Group continuously implements and optimizes the existing security protection measures and ensures that the operating systems are regularly updated with security patches based on the results of security scans. To further prevent disruptions of IT systems and cyber-attacks, the Group has formulated the Information System Emergency Response Plan of Beijing Enterprises Urban Resources Group (《北控城市資源集團信息系統應急預案》) as well as an off-site data backup strategy, setting up an effective emergency response mechanism and conducting two data recovery tests annually. In addition, the Group actively engages in third-party vulnerability analysis, using vulnerability scanning services (VSS) to scan application systems for vulnerabilities and generate analysis reports, and sending the reports to application system vendors for vulnerability fixes. Concurrently, we use enterprise host security (HSS) services to detect and fix host operating system security vulnerabilities, thereby enhancing our ability to handle information system security emergencies and ensuring business continuity and stability. At the same time, we periodically send security reminder emails to employees, alerting them to guard against viruses, phishing, fraud, and other email threats, maintaining vigilance and effectively preventing information risks.
In terms of technical means, to improve server security management, the group carried out technological upgrades in various aspects such as identity verification, access control, security audit, intrusion prevention, malicious prevention, and data integrity.
• Identity authentication: user identity identification is realized, and the security of identity authentication is improved by implementing unified identity authentication, strong password policy , multifactor authentication, etc.
• Access control: the servers of production system, test system and development system are divided into separate areas and isolated from each other. The access control of user behavior is carried out through the fortress machine, and the authority is allocated according to the minimum authorization principle.
• Security audit: through the audit function of the bastion host, based on the unique identification of the user’s identity system, from the user’s login to the system, the user’s operation behavior in the system is recorded in the whole process, and all operations of management systems the user on the target resources are monitored and audited to realize real-time detection and early warning of security events.
• Intrusion prevention: develop a baseline inspection strategy to detect and update system vulnerabilities in a timely manner. Allow intrusion detection, which can detect account brute force cracking, process abnormalities, website backdoors, abnormal logins, malicious processes, and other intrusion behaviors, and detect security threats in assets in real time. Allow the web application firewall to recognize and block web trojan upload, command/code injection, sensitive file access, third-party application vulnerability attacks, malicious crawler scanning, and other attacks.
• Malicious prevention: ensure that malicious programs are isolated, ensure that the identified malicious programs such as backdoors, trojans, worms are automatically isolated, and identify the security risks in the processing system automatically.
• Data integrity: the Group ensure to conduct daily backup of database and regular backup of server
