1. The Goal of the Information Security Policy

1.1. One of the goals is to ensure the security of the data, systems, equipment, and network; to effectively reduce the risks of pilferage, misuse, exposure, falsification, and damage to information assets as the result of human error, deliberate sabotage, and natural disasters; and to set up the guidelines for information security management.

1.2. One of the goals is to ensure the confidentiality, integrity, and availability of information, explained as follows:

1.2.1. Confidentiality: To ensure the information is accessible only by authorized personnel.

1.2.2. Integrity: To ensure the correctness of information.

1.2.3. Availability: To ensure that authorized personnel can acquire the information they need.

2. Content of Information Security Policy

2.1. The information security management regulations set forth by the Examination Yuan must satisfy governmental laws and regulations (such as Criminal Law, the Classified National Security Information Protection Act, Patent Act, Trademark Act, Copyright Act, and Computer-Processed Personal Data Protection Law).

2.2. The Information Management Office (abbreviated as "the office") is in charge of the establishment and implementation of the information security system.

2.3. The office will implement regular education and training regarding information security to make the personnel aware of the information security policy and relevant laws and regulations.

2.4. The office will set up a mechanism for managing information hardware and software in order to allocate and make use of the entire information resources of the Examination Yuan.

2.5. The office will incorporate information security factors into a new information system before its implementation to prevent potential damage.

2.6. The office will establish safe facilities and a safe environment for computer server rooms and regularly maintain computer facilities.

2.7. The office will specify the access authority for information systems and network services to prevent any unauthorized access.

2.8. The office will plan regular internal information security audits to check the usage status of all computers.

2.9. The office will make disaster recovery plans in order to secure information operations.

2.10. All personnel should undertake responsibility for the maintenance of information security, and abide by all regulations of information security management. In addition, personnel with meritorious performance should be rewarded as appropriate.

3. Evaluation of Information Security Policy

To ensure the feasibility and validity of the information security operations of the Examination Yuan, regular evaluation of the information security policy should be implemented so that it conforms to governmental information security policies, decrees, technology, and the latest status of the Examination Yuan.