Information Security Policy Announcement
The purpose of information security management is to protect information against intentional or accidental threats, either internally or externally generated, and maintain the confidentiality, integrity and usability of information. Therefore, carrying out this policy is essential.
The objectives of the information security policy of the Commission are as follows:
1. Show the determination and commitment of the Commission to provide a safe operational environment.
2. The Commission will carry through the e-government plan and develop long-term guidelines for information system application programs.
3. Verify the basic evaluation methods for information security activities, and make sure that the resources are effectively applied in information security activities.
4. Provide the infrastructure requirements for information system and network design, and as a basis for purchasing specifications.
5. As the fundamentals of the information security manual of the Commission.
6. As the behavior code for the Commission's use of information systems; through effective education and training on information security, to ensure that all colleagues understand it and prevent the related personnel from infringing the rules by reason of a lack of knowledge concerning the behavior code.
7. As the basis for the auditing actions conducted by the internal auditing units and personnel of the Commission.
Information is a valuable asset of the Commission, and the continuous operation of service depends on the integrity and continuous usability of information. Abiding by the regulations on information security can protect information against unauthorized use, modification, disclosure or damage, whether accidental or intentional.
To protect these assets is a fundamental responsibility of all colleagues of the Commission:
1. Ensure these assets are only used for purposes approved by the management.
2. Follow the security regulations and procedures set forth in the information security management system of the Commission.
3. All colleagues should precisely understand their responsibilities for protecting these assets.
According to the principle of being simple, easy to memorize and conforming to the objectives of information security management, the Commission states the information security policy as follows: "Information security, the responsibility of you and me!