• Information Security Policy

    Strengthen information security protection and ensure maintenance and operation security

    Information Security Policy

    To keep information and communication systems, services and networks operating smoothly; to reduce risks from human error, deliberate acts and natural disasters; to prevent unauthorized access, use, control, disclosure, damage, tampering, destruction or other violations; and to ensure the confidentiality, integrity and availability of information assets, this information security policy is established.

    1. Formulate information security management regulations and implement them in accordance with government laws and regulations (such as the Information Security Management Law and its related sub-laws).
    2. Follow developments in information and communication security, identify changes in internal and external issues and how they interact with the needs and expectations of stakeholders, analyze risks, formulate countermeasures and take measures to reduce their impact on operations.
    3. Set up an information security organization and assign duties and authority in order to promote protection work and fulfill management responsibilities.
    4. Implement information and communication security education and training so that employees understand their security responsibilities and protection awareness is strengthened.
    5. Regularly inventory information assets and use the risk assessment mechanism to effectively manage and control impact items.
    6. Strengthen physical and equipment protection, and perform regular upkeep and maintenance to keep operations normal.
    7. Establish network transmission rules to protect sensitive documented information from unauthorized access and tampering.
    8. Conduct information and communication security audits to review and uncover problems, propose countermeasures and take corrective measures.
    9. Through the emergency response plan, conduct regular drills to prepare for unexpected incidents and resume operations quickly.
    10. Outsourced vendors and their personnel must sign a confidentiality agreement in accordance with the contract before they may perform information-related operations.
    11. The information security policy should be evaluated regularly to reflect the latest state of information security management, laws, technology and operations, and to ensure that information security practices are feasible and effective.
