Website Security Policy
-
Collection and utilization of personal information
The information collected will be used to provide services for specific purposes as required by the Personal Information Protection Act and applicable laws, and will not be disclosed to any third party without permission.
The following information will be collected when you use the website: the time and date, the webpages you access, the web address you are currently at, the type of your browser, the actions you have performed on the webpages of the website (e.g. downloading) and whether they were successful. The information may be used to improve the performance of this website.
Actions from a web address that create significant load on the website will be closely monitored.
-
Responsibility and training for information security
Those who are designated to process sensitive and confidential materials and those who are authorized for system management will be assigned an appropriate share of workload and duties, and an evaluation and auditing system will be established for this purpose. A support system among the staff will be created as appropriate.
The resignation procedure or other applicable procedures shall apply to those who resign, take leave or are suspended, and their authorization for system access will be cancelled immediately pursuant to the Procedures of Staff Resigned, Taking Leaves or Suspended.
Based on their roles and duties, staff at different levels will be given information security training and courses as practically needed, to help them understand the importance of information security and the possible security risks, to improve their knowledge of information security and to encourage them to observe information security requirements.
-
Information security operation and protection
A procedure for dealing with information security incidents shall be established, and staff shall be assigned responsibilities so that they can respond quickly to information security incidents.
A change management and reporting mechanism shall be established for information facilities and systems in order to eliminate system security breaches.
Personal information shall be processed and protected carefully according to the Personal Information Protection Act.
A system backup facility shall be established and data and software backups performed periodically to allow immediate restoration of normal operation in case of disaster or storage media failure.
-
Website security management
Firewalls shall be established at the nodes connecting to outside networks to monitor data transmissions and resource access between internal and external networks. Rigorous identification shall be performed.
Confidential and sensitive data or documents shall not be stored in an information system open to the public. Transmission of confidential documents via email is not allowed.
Information security facility checks and virus scans of the internal network shall be carried out periodically. The virus definitions of the anti-virus system and other security measures shall be updated constantly.
-
System access control management
A password approval and change procedure shall be established and documented depending on the operating system and security management needs.
Staff members shall be given the proper system access corresponding to their duties when logging in. The user account and password shall be authorized by the information system administrator and updated periodically.