01. The company's various information security management regulations must comply with relevant government regulations (such as: “Information Security Management Law”, “Information Security Management Law Implementation Rules”, “Personal Data Protection Law”, “Personal Data Protection Law Implementation Regulations”, “Business Secret Law” and “Copyright Law”).
02. The “Information Security Promotion Organization” is responsible for the establishment and promotion of the information security system.
03. Regularly implement information security education and training to publicize information security policies and relevant implementation regulations.
04. Establish a management mechanism for information hardware facilities and software to coordinate allocation and effective use of resources.
05. The new information system should incorporate information security factors before the construction to prevent the occurrence of situations that endanger the security of the system.
06. Establish physical and environmental security protection measures for the computer room, and perform relevant maintenance on a regular basis.
07. Clearly regulate the use rights of information systems and network services to prevent unauthorized access.
08. Formulate an internal audit plan for information security, and regularly review the use of personal computers and the implementation of information security systems.
09. Formulate an operation continuity plan for information security and conduct actual drills to ensure the continuous operation of the company's business.
10. All personnel of the company are responsible for maintaining information security and should abide by relevant information security management regulations.
11. The information security policy should be evaluated regularly to reflect the latest status of government information security management policies, laws, technologies and the company's business, and to ensure the feasibility and effectiveness of the company's information security practices.