The first layer is the manager's representative, who is the first person responsible for information security in this unit.
The second layer is the internal audit institution, which is responsible for the continuous improvement of the unit.
The third layer is the Information Security Committee, which is composed of the competent leaders of various information security departments and is responsible for the coordination among various information security departments.
The fourth level is the specific offices, including the information security department, to implement information security work.