Information Security Policy
Collection and use of personal information
- In accordance with the provisions of the Personal Data Protection Law and related laws and regulations, it will only be used for the service provided for its specific purpose, and will not be arbitrarily disclosed to other third parties.
- When using this website, this website will automatically collect the following information: date and time, the webpage you retrieved, the URL you are at, the type of your browser, the actions (such as downloads, etc.) you have performed on the pages of this website and the success Or not. This information may be used to improve the performance of this website.
- To monitor the behavior on the website that causes a heavy load on this website.
Information security rights and responsibilities and education and training
- For personnel handling sensitive and confidential information and those who need to be assigned system management authority due to work needs, properly divide labor, decentralize powers and responsibilities, establish an evaluation and assessment system, and establish a mutual support system for personnel as needed.
- For retired (off, suspended) personnel, follow the procedures for handling resignation (off, suspended), and immediately cancel all rights to use various system resources.
- Based on roles and functions, for different levels of personnel, information security education, training and advocacy are conducted according to actual needs to encourage employees to understand the importance of information security and various possible security risks, so as to enhance employees' information security awareness and promote their compliance Information security regulations.
Information security operation and protection
- Establish operating procedures for handling information security incidents, and instruct relevant personnel with necessary responsibilities in order to quickly and effectively handle information security incidents.
- Establish a change management notification mechanism for information facilities and systems to avoid loopholes in system security.
- Prudent handling and protection of personal information in accordance with the relevant provisions of the Personal Data Protection Law on Computer Processing.
- Establish a system backup facility to regularly perform necessary data, software backup and backup operations, so that in the event of a disaster or storage media failure, normal operations can be quickly restored.
Network security management
- For branches connected to external networks, firewalls are set up to control data transmission and resource access between external and internal networks, and perform rigorous identification operations.
- Confidential and sensitive information or documents are not stored in an open information system, and confidential documents are not sent by email.
- Regularly check the internal network information security facilities and anti-virus, and update the virus code of the anti-virus system and various security measures.
System access control management
- According to the operating system and security management requirements, the pass password issuance and change procedures are established and recorded.
- When logging in to each operating system, according to the system access permissions necessary for personnel at all levels to perform tasks, the information room system manager sets the account and password granted with the authority, and updates them regularly.