Security Policy

  • Collection and Utilization of Personal Data
    Personal data will be used for the provision of commissioned services for the specific purposes pursuant to the Personal Data Protection Act and the relevant laws, and will never be disclosed to a third party.
    The Website will automatically collect the following information when you use the Website: the date and time, the webpages captured by you, your IP address, the type of browser you are using, and whether your activities (e.g. downloads) on the Website are successful or not. The information might be utilized for the purpose of enhancing the Website's performance.
    The Website will monitor any activity from an IP address that causes a heavy load on the Website.
  • Information Security Responsibility and Education Training
    The Website will properly divide the work between the staff dedicated to processing sensitive and confidential data and the staff granted system administration authority, according to the needs of the work; disperse their responsibilities; and establish an evaluation and appraisal system, as well as a reciprocal support system for the staff, subject to the circumstances.
    The resignation (suspension and dismissal) of staff shall be handled in accordance with the procedure for staff resignation (suspension and dismissal), and the authority of such staff to access the various system resources will be cancelled subject to their role and competency. The Website will hold information security education, training and promotion for staff at different levels, subject to the circumstances, to enable employees to understand the importance of information security and the various possible security risks, to enhance employee awareness of information security, and to urge them to comply with the information security requirements.
  • Information Security Operation and Protection
    Establish an operating procedure for responding to information security events, and impose on the relevant staff the necessary liability to deal with information security events effectively and rapidly.
    Establish a change management reporting mechanism for information facilities and systems to prevent any flaws in system security.
    Process and protect personal data pursuant to the relevant requirements provided in the Computer Processing Personal Data Protection Act.
    Establish a real-time replication facility to perform the necessary data and software backups and real-time operations periodically, so that normal operations can be recovered rapidly in the event of a disaster or a malfunction of the storage media.
  • Network Security Management
    Set up a firewall at the points where the network connects with external networks, to control data transmission and access to resources between the external networks and the intranet, and to enforce strict identity verification.
    No confidential or sensitive data or documents will be saved in the information systems open to the public. No confidential documents will be sent via email.
    Periodically audit the information security facilities and the anti-virus system in the intranet, and update the virus definitions of the anti-virus system and the various security measures.
  • System Access Control Management
    Define the procedure for granting and changing passwords, subject to the operating system and security management needs, and record it.
    The system administration staff of the Information Office shall set up the user accounts and passwords, with the authority to be granted to each staff member according to what they need to carry out their duties when they log into the various operating systems, and shall update the accounts and passwords periodically.