:::

Information Security Policy

-Information Security Policy-
For the purpose of website safety and to ensure continuous offering of this service to all internet users, this website hereby provides the following safety protection measures:
Collection and Utilization of Personal Information
• Personal Information Protection Act and related regulations shall be followed. Utilization of personal information shall only be based on specific purpose and for the offering of services to fulfill such purpose. Personal information shall not be disclosed to other third party without legitimate reasons.
• This website will collect the following information automatically during your utilization of it: date and time, web pages from your selection, websites that you visit, type of your browser, action(such as download) that you do to this website and if such an action is successful. Such information can be used to enhance efficiency of this website.
• Monitor will be conducted on website action which causes heavy load to this website..
Responsibility and Education Training on Information Safety
• Appropriate division of labor, dispersion of authority, establishment of evaluation and review system must be implemented on personnel that handle sensitive and confidential information as well as those who are given system management authority because of the needs from their work. Back-up system among staffs should also be established when needed.
• Handling processes for resigned (dismissed or suspended) staff shall be implemented on resigned (dismissed or suspended) staff. Authority on the utilization of various system resources shall also be cancelled immediately.
• Based on roles and functions of jobs and focuses on different levels of staff, information safety education training and promotion shall be implemented depending on actual needs. This is to enable employees to understand the importance of information safety and various safety risks in order to enhance their awareness of information safety as well as compliance with information safety rules.
Information Safety Operation and Protection
• Operation process for handling information safety incidents shall be established. Necessary responsibilities will be designated to related personnel to ensure speedy and effective handling of information safety incidents.
• Reporting mechanism on changing and management of information facility and system will be established to avoid leakage on system safety.
• Related rules of Computer Processed Personal Information Act shall be followed to ensure cautious processing and protection of personal information.
• System back-up facility will be established. Periodic back-up operation on necessary materials and software will be implemented to ensure speedy reverting to normal operation in the event of disaster or invalidation of stored media.
• Safety maintenance emails from related operation system vendors or application vendors will be received automatically and appropriate modification programs shall be installed following recommendations raised in such emails.
Internet Safety Management
• Firewalls will be established on the nodes connecting exterior internet in order to control data transmission and retrieval of resources between exterior and interior internets and implement rigorous ID identification operation.
• Confidential and sensitive materials or documents shall not be stored in information systems open to exterior environments. Confidential information shall not be delivered via emails.
• Periodic checking on interior internet information safety facility and virus prevention will be implemented. Virus codes for anti-virus system and various safety measures will also be updated in order to provide users with a safer webpage browsing environment.
Control Management Over System Retrieving & Storing
• Process for access code issuance and changing will be drafted and recorded depending on the needs of operation system and safety management.
• Upon login onto various operation systems, information system management personnel will set up account number and password for designated authority with regular update based on necessary system retrieval and storage authority for various levels of staffs during their implementation of tasks.
 
Content