1.   The company's information security policy: "Information security does not distinguish day and night, virus hackers say goodbye"
Strengthen the company's information security management, ensure the confidentiality, integrity and availability of customer and colleague data processing, and ensure that the company's data processing can be secured throughout the process, providing safe, stable and efficient information services.
 

2.  target
2.1. Information Security Policy: (according to Appendix A5~A18)
       2.1.1.   _cc781905- 5cde-3194-bb3b-136bad5cf58d_Provide information security management guidelines and support in accordance with operational requirements and relevant laws and regulations.
       2.1.2.   _cc781905- 5cde-3194-bb3b-136bad5cf58d_Information security policy is defined and approved by management and communicated internally and externally.
       2.1.3.   _cc781905- 5cde-3194-bb3b-136bad5cf58d_The information security policy should be reviewed periodically or in the event of material changes to ensure suitability, relevance and effectiveness.
2.2. Organization of information security:
       2.2.1.   _cc781905- 5cde-3194-bb3b-136bad5cf58d_Establish a management framework to initiate and control the implementation and operation of information security within the organization.
       2.2.2.   _cc781905- 5cde-3194-bb3b-136bad5cf58d_Ensure the safety of working remotely and using mobile devices.
2.3. Human resource security:
        2.3.1.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Ensure that employees and contractors understand their responsibilities and are fit for their roles.
       2.3.2.   _cc781905- 5cde-3194-bb3b-136bad5cf58d_Ensure that employees and contractors recognize and fulfill their information security responsibilities.
       2.3.3.   _cc781905- 5cde-3194-bb3b-136bad5cf58d_Incorporate protection of organizational interests as part of the hiring change or termination process.
2.4. Asset Management:
        2.4.1.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Identify the organization's assets and define appropriate responsibilities to protect.
        2.4.2.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Ensure that all assets are protected at the appropriate level of importance to the organization.
        2.4.3.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Prevent unauthorized disclosure, modification, removal or destruction of information stored in the media.
2.5. Access Control:
        2.5.1.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Restrict access to information and information processing facilities.
        2.5.2.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Ensures access to authorized users and avoids unauthorized access to systems and services.
        2.5.3.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_ Make users responsible for preserving their identifying information.
        2.5.4.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Protect systems and applications from unauthorized access.
2.6. Cryptography:
        2.6.1.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Set up encryption mechanisms in accordance with regulations, customer requirements and risk of information assets.
        2.6.2.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Controls the acquisition, installation, recovery, backup and rollover of encryption keys.
2.7. Physical and Environmental Security:
        2.7.1.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Protection of organizational information and information processing facilities from access, damage and interference by unauthorized entities.
        2.7.2.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Protection against loss, damage, theft or cracking of assets and interruption of organizational operations.
2.8. Operational Safety:
        2.8.1.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_ensure the correct and safe operation of information processing facilities.
        2.8.2.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Secure information and information processing facilities to protect against malicious software.
        2.8.3.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Prevent data loss.
        2.8.4.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Record events and produce evidence.
        2.8.5.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Ensure the integrity of the operating system.
        2.8.6.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Prevent the exploitation of technical vulnerabilities.
        2.8.7.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Minimize the impact of audit activities on operating systems.
2.9. Communication Security:
        2.9.1.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Ensure the protection of information on the Internet and the information processing facilities it supports.
        2.9.2.   _cc781905 -5cde-3194-bb3b-136bad5cf58d_Protect the security of information transmitted within the organization and with any external individuals.
2.10. System acquisition, development and maintenance:
        2.10.1. 確保資訊安全係跨越整個生命週期之整體part of the information system. This also includes requirements for information systems that provide services over public networks .
        2.10.2. 確保於資訊系統之開發生命週期內， Design and implement information security.
      _cc781905-5cde-3194-bb2.
2.11. Supplier Relations:
        2.11.1. 確保對供應商者可存取之組織protection of assets.
        2.11.2. 維持資訊安全及服務交付之議定等級與supplier agreement.
2.12. Information Security Incident Management:
        2.12.1. 確保對資訊安全事故之管理的一致及Effective practices, including communication of security incidents and vulnerabilities.
2.13. Information security aspects of operational continuity management:
        2.13.1. 資訊安全持續應嵌入組織之營運持續管理in the system.
      _cc781905-5cde-3194-bb23b_cf58d_     _cc781905-5cde-3194-bb23b-cf58d_ _cc781905-5cde-3194-bb23b-13.13.
2.14. Compliance:
        2.14.1. 避免違反有關資訊安全相關之法律、法令, regulatory or contractual obligations, and any safety requirements.
        2.14.2.   Ensure that information security is implemented and operated in accordance with the organization's policies and procedures.