Information Security Policy

Personal Information Collection and Use

• Personal information will be used only for specific purpose related to the service we provide and will not be disclosed to any third party in accordance with the Computer-Processed Personal Information Law and other related regulations.
• When you use our website, we have rights to automatically collect the following information: date and time, the webpage you request, URL you are on, browser type, any action (such as downloads, etc) whether that action was successful or not. The information may help improve the efficiency of our website. And we monitor any action which may cause a heavy load to our website.

Confidentiality Security and Training

• For employees who deal with sensitive and confidential information, and those who are entitled to manage systems because of job requirement, clear division of job in order to disperse rights and duties should be arranged; and evaluation and examination systems should be established; as well as mutual support systems.
• For employees who resign (ask for leave, suspended from duties), all related matters must follow concerned procedures and the authorization for all systems must be cancelled immediately.
• Based on the position and occupational ability of different levels of employees, education and training for information security should be conducted depending on the actual situation in order to make employees understand the importance and all possible risks, and enhance awareness to conform to the relative regulations accordingly.

Information Security Procedure and Protection

• We have operating procedures for information security issues, and impose necessary responsibility to employees concerned in order to tackle with these matters rapidly and efficiently.
• We have informing system for change management of information facilities and systems to avoid loophole in security.
• We process and protect personal information cautiously in accordance with related provisions of Computer-Process Personal Information Law.
• We carry system backup facilities, and update/backup necessary data and software periodically in order to be able to restore all data swiftly in case of damage or failure of saving media.

Management of Internet Security

• We establish firewalls to monitor data transmission and resource access between the external and the internal network at our link, and strictly conduct identity recognition operation.
• Any confidential and sensitive information or document is neither stored in open system nor delivered by e-mail.
• We periodically examine and inspect internal network for information security, latest virus code and other security measures.

System Access Control Management

• We set up password issuance and change procedures depending on operation system and security management requirement, and record it.
• The information center management staff should assign authorization account and password for employees to log in each system according to necessary authorization of each staff level, and update them regularly.