
Information Security Policy

The collection and use of personal information

In accordance with the provisions of the Personal Information Protection Act and the relevant laws and regulations, your personal information will not be arbitrarily disclosed to other third parties except for the specific purposes of carrying out the services provided.

When you use this website, the site automatically collects the following information: the date and time, the web pages you retrieved, your website address, your web browser type, and the actions you took on this website (such as downloads). Actions from addresses that cause a significant load on this website are monitored.


Information Security Rights, Responsibilities and Educational Training

Apply an appropriate division of labor, decentralize responsibilities, and establish assessment and appraisal systems for personnel who handle sensitive or confidential data and for those whose job requires them to exercise managerial authority over the system. Establish mutual support systems for personnel as necessary.

Staff who resign (or go on vacation or are suspended) shall be handled according to the procedures for staff separation (vacation, suspension), and all their rights to use the various system resources shall be cancelled immediately.

Information security education, training and promotion are based on roles and competencies and tailored to the needs of personnel at different levels, so that employees understand the importance of information security and the possible security risks. This raises staff awareness and promotes compliance with information security requirements.

 

Information Security Operations and Protection

Establish an operating procedure for handling information security incidents and assign the necessary responsibilities to the relevant personnel so that incidents are processed quickly and efficiently.

Establish a change management notification mechanism for information facilities and systems to avoid loopholes in system security.

Cautiously handle and protect personal information in accordance with the provisions of the Personal Information Protection Act.

Establish a system backup facility and perform the necessary information and software backup operations on a regular basis, so that normal operations can resume quickly in the event of a disaster or storage media failure.

 

Cyber Security Management

At each network node connected to the exterior, a firewall is set up to control the transmission of information and access to resources between the exterior and the intranet, and to perform rigorous identification operations.

Confidential and sensitive data or files cannot be stored in the open information system. Confidential files shall not be sent by e-mail.

 

System Access Control Management

Establish and document procedures for issuing and changing passwords, according to the operating system and security management requirements.

For logging into each operating system, the information system webmaster sets the account and password to be granted according to the system access authority necessary for the tasks performed by personnel at each level, and updates them periodically.