跳到主要內容

Information Security Policy

Personal Information Collection and Use

  • Personal information will be used only for specific purpose related to the service the SRWC provides and will not be disclosed to any third party in accordance with the Personal Data Protection Act and other relevant regulations.
  • When you use the SRWC website, we will automatically collect the following information: date and time, the webpage you request, URL you are on, your browser type, and any action (such as downloads, etc.) and whether that action was successful. The information may help improve the performance of our website.
  • The SRWC will monitor any action which may cause a heavy load to our website.

Information Security Personnel Management and Education

  • For employees who deal with sensitive and confidential information and those who are entitled to manage systems because of job requirement, clear division of labor will be arranged in order to disperse rights and duties; and evaluation and examination systems will be established, as well as mutual support systems.
  • For employees who resign (ask for leave, suspended from duties), all related security measures should follow concerned procedures and the authorization to all systems will be terminated immediately.
  • Depending on positions and occupational ability of different levels of employees, education and training for information security will be conducted, in order to help them understand the importance and all possible risks, and to enhance the awareness of conforming to the relative regulations accordingly.

Information Security Authority and Education Training

  • For employees who deal with sensitive and confidential information and those who are entitled to manage systems because of job requirement, clear division of labor will be arranged in order to disperse rights and duties; and evaluation and examination systems will be established, as well as mutual support systems.
  • For employees who resign (on leave, or suspended from duties), all related security measures should follow concerned procedures and the authorization to all systems will be terminated immediately.
  • Depending on positions and occupational ability of different levels of employees, education and training for information security will be conducted, in order to help them understand the importance and all possible risks, and to enhance the awareness of conforming to the relative regulations accordingly.

Information Security Procedures and Protection

  • The SRWC will establish operation procedures for information security issues, and impose necessary responsibilities on employees concerned in order to respond to any related event promptly and efficiently.
  • The SRWC will establish reporting mechanisms for information systems and facilities change management to avoid loopholes in security.
  • The SRWC will process and protect personal information with caution in accordance with related provisions of Personal Data Protection Act.
  • The SRWC will establish system backup facilities for a periodical update/backup of essential data and software to be able to restore all data immediately during natural disaster or storage media failure.

System Access Control Management

  • The SRWC will set up password issuance and change procedures based on operating system and security management requirement, with records prepared.
  • The SRWC system management staff will be responsible for granting operating systems account and password according to different authority and perform updates regularly.