::: 2018-03-22 Thu
Location: index > Others > Security Policy

Security Policy

  • Date: 2013/3/7      
  • View Date: 2018/1/29      
  • Department: Information Management Office

System access control management

  • Depending on operating system and security management requirements, set up a password confirmation and modification procedure and keep a record.
  • Assign access rights to personnel of all levels depending on job requirements. Account numbers and passwords to restrict access must be distributed by system administrators and changed on a regular basis.

Network security management

  • Install a firewall to control transfer of internal network data and access from outside networks and establish a rigorous identification procedure.
  • Do not store confidential and sensitive data and files in a system open to the outside world. Do not e-mail confidential files.
  • Conduct regular internal network data security and virus checks, and update virus definitions and other security measures.

Information security and protection

  • Establish a procedure to handle information security events and assign relevant personnel with the responsibility to deal rapidly and effectively with information security events.
  • Establish a change management reporting mechanism for information infrastructure and systems to avoid security leaks.
  • Carefully handle and protect personal information in accordance with provisions of the Computer-Processed Personal Data Protection Act.
  • Set up a system backup facility to perform regular backups of necessary information and software to ensure speedy recovery of normal operation during breakdowns or storage media failures.

Information safety rights training

  • Assign appropriate job responsibilities and distribution rights and set up an evaluation and examination system and if necessary, a mutual support system for personnel who handle sensitive or secret information or whose job requires them to have system administration rights.
  • Deal with personnel who take leave, retire, or are suspended in accordance with the established procedure for such cases and immediately withdraw their access rights to the various system resources.
  • Provide information security education and training to personnel at different levels based on their role and function. To improve knowledge of information security and observance of security regulations, encourage personnel to gain an understanding of the importance of information security and potential security risks.
  • [主題]財政經濟
  • [施政]國庫
  • [服務]其他

● Civil Services Hours:Monday to Friday 08:30 ~ 12:30 & 13:30 ~ 17:30

● Address:3F., No.2, Aiguo W. Rd., Taipei City 10066, Taiwan, R.O.C.

● TEL:+886-2-2322-8000 FAX:+886-2-2392-9209


Copyright by the National Treasury Administration,Ministry of Finance

Best browse in 1024x768 pixel with IE9 , Firefox 3.6 or Google Chrome16.0 above Accessibility Website Design .