Purpose
All information service systems and equipment established by the Home For The Disabled Bureau Of Social Affairs Of Kaohsiung City Government will serve as communication channels between government bodies of all levels, private institutions, and civilians, as well as for the daily operations of internal staffs. To reinforce the confidentiality and information security of public administration, this policy has been developed to secure the collection, processing, transmission, storage, and distribution of data.
Policy Statement
To reinforce information security and safeguard the operations of this department while protecting the public interest from theft, corruption, or loss of data due to outside threats or negligence by internal staffs, the Information Security Policy of this department has been established as follows:
- Appropriate measures permitted by relevant regulations will be taken to reinforce the information security of this department, including personnel, equipment, system, information, data, and network, etc.
- Users must apply for rights to access confidential information within a given authority, and to commit to the rightful process, transmission, and storage of information, during which authority was granted.
- Establish a secured and reliable environment free from negligent or malicious alterations to the information or the system.
- Ensure that intellectual property and personal information are under proper protection and free from misuse.
- Evaluate the extent of possible damages from natural or man-made disasters to this department; ensure the continuous administration of key operations by establishing disaster prevention policies and recovery plans.
- Supervise the enforcement of information security by all personnel of this department. Raise the level of information security awareness through learning programs to develop a common understanding that information security is everyone's responsibility.
- The sound operation of various information systems is crucial to the public image and operation of this department; an Information Security Management System (ISMS) must be established to guide our reinforcement and minimize the risk of threats to information security.
- Any violations to this policy or other information security-related regulations are subject to police disciplinary reviews or penalties asset out in the relevant regulations.
Applicability
All internal staffs, civilians, visitors, and institutions and private firms etc who have a business relationship with this bureau must abide to this policy when accessing information provided by the bureau.
Execution
- All unit supervisors of this bureau have the responsibility to supervise the execution of this policy and any related regulations.
- All internal staffs of this bureau must develop a full understanding of this policy and any related regulations, and commit to enhance information security.
- All personnel who is able to access information relating to the operations of this bureau must take proper measures to secure the information. Civilians, institutions and private firms who have a business relationship with the bureau must comply with the bureau's information security requirements.
Policy Amendment
- This policy will be reviewed at least once every year and amended based on changes in operations, technological development, or risk evaluation. This policy may be revised at any time when necessary given any developments of new regulations, technology, operations or other circumstances to ensure the effectiveness of our information security.
- This policy and all subsequent amendments need to be reviewed by the ISMS Review Commission, and will be implemented once approved by the Director.
|