Home To All, Kinmen CountyHome To All, Kinmen County

Da-Shi-ZiLetter No.101000399 on February 15^th, 2012 

1. Kinmen County Home to All established this policy to strengthen itsinformation security management, ensure the confidentiality, integrity andavailability of information, the reliability of information equipment(including computer hardware, software and peripheral equipment) and networksystems, the awareness of personnel to information security, and ensure thatthe abovementioned information resources are not interfered with, damaged,intruded or harmed by any actions and attempts.
2. A list of information assets specifying the owner and grade will becompiled for risk evaluation. Risk management will be implemented forinformation assets with risk above the acceptable level, so as to effectivelylower the risk, and further control measures will be subsequently carried out.
3. Necessary assessments must be carried out when recruiting personnel andnew personnel must sign related operating rules. Employees are required toparticipate in information security training to raise their awareness of informationsecurity.
4. Linking the external network to the internal network is strictlyprohibited. A fire wall shall be set up between external and internal networks.Appropriate backup or monitoring mechanisms shall be established for importantequipment to maintain availability. Employees shall install anti-virus softwarein the personal computers and periodically update its virus pattern. The use ofunauthorized software is prohibited. 
5. Employees are responsible for the safekeeping and use of their account,passwords and authorization. Administrators shall periodically check accountsand remote backup important operating data each year.
6. The use of P2P and BT software for data search and file download isstrictly prohibited.
7. Confidential information and documents may not be sent by e-mail or otherelectronic forms.
8. When outsourcing information operations,information security requirements shall be established in advance, and thecontractor’s liability and confidentiality clauses shall be included in thecontract. Periodic assessments of the contractor’s performance shall be carriedout.
9. For the procurement of information software and hardware, informationsecurity requirements shall be in accordance with national standards orinformation security standards set forth by the competent authority, and shallbe included in the procurement specifications.
10. A suitable response andreport mechanism shall be designed for information security incidents andweaknesses, so as to immediately make a suitable response to informationsecurity incidents and avoid further damage.
11. A sustainable operation planshall be established, periodically executed, and continuously updated.
12. Employees shall implement theconfirmation and review mechanism for daily operations to maintain thecorrectness of data. Administrators shall supervise compliance with theinformation security system, and strengthen employees’ information securityawareness and legal concepts.
    
13. In the event personalinformation or important data is leaked due to a violation of this policy, theuser shall bear civil and criminal liability, and shall be responsible forcompensating any damages that are sustained.
    
14. This information securitypolicy shall take effect after being approved by the director. The same shallapply for any future revisions.