Information Security Policy

  1. Information security statement

    When everyone pays attention to information security, we can ensure security; when information security is done well, we need not worry.
  2. The purpose of information security

    To ensure the confidentiality, integrity and usability of the information assets (including hardware and software facilities, data, information, personnel and services, etc.) of AIDC and to comply with the requirements of the relevant laws and regulations. Moreover, to avoid internal and external threats, whether intentional or accidental, and to ensure that AIDC's business operations are not interrupted.
  3. Management objectives

    The information security management objectives of AIDC are regularly set out at the information and communication security management review conference.
  4. Scope

    This policy applies to all operations of AIDC and its related information assets, including personnel (including regular employees, labor dispatch personnel, contractors, visitors and outsourcers), software, hardware, information (related documents and records), services and infrastructure management.
  5. Organization

    AIDC has set up a cross-departmental normal task group, "the information and communication security management team", which is convened by the senior vice president and implements the information and communication security management and risk treatment plan.
  6. Management principles

    AIDC's information security management covers 13 information security management matters in order to avoid risks and hazards to AIDC, such as improper use, destruction, loss or leakage arising from human negligence, intentional acts or natural disasters. AIDC's information security management matters are as follows:
    6.1. Information security policy development and evaluation
    6.2. Information security organization and authority
    6.3. Security management of information assets
    6.4. Personnel security management and education and training
    6.5. Physical and environmental security management
    6.6. Computer systems and network security management
    6.7. System access control
    6.8. Security management of system development and maintenance
    6.9. Planning and management of business continuity plans
    6.10. Establishment and management of information security accident notification procedures
    6.11. Establishment and management of inspection methods for information security regulations
    6.12. Computer file encryption mechanism and key management
    6.13. Information security management for suppliers
  7. Responsibility

    7.1. AIDC's "Information and Communication Security Management Team" should review the revised policy in a timely manner and implement it with a high-level executive to ensure that the policy meets the existing requirements.
    7.2. Heads of departments should take the initiative to advocate and require their subordinates to understand and comply with the security policy and all information security requirements.
    7.3. All employees should implement this policy.
    7.4. It is the responsibility of the dispatcher, the contractor and the contracting vendor to comply with this security policy.
    7.5. It is the responsibility of all employees to report any information security incidents or information security vulnerabilities they find through the appropriate reporting systems.
    7.6. Any act that endangers the security of information should be handled through appropriate punishment procedures or legal action.
    7.7. Relevant information security measures or specifications shall comply with the requirements of the existing law.
  8. Punishment

    If a colleague violates these provisions and the relevant laws and regulations and thereby endangers the information security of AIDC, the information management unit shall cease its use and inform the parties and the colleague's supervisor. If the circumstances are significant, the unit shall inform the information and communication security management team and the security maintenance units, and coordinate with the relevant units on the investigation.
  9. Reference Document

    9.1 CNS27001/ISO27001:2013 Operating Procedures
    9.2 Government agencies (structure) information security responsibility level grading operations implementation plan
    9.3 Main points of information security management of the Executive Yuan and their respective organs
    9.4 Management specification for information security of the Executive Yuan and their respective organs