:::

Information Security Policy

Collection and Application of Personal Information

  1. In accordance with the “Electronic Personal Information Protection Law” and associated laws and regulations, the information collected will only be used for the provision of service for the purposes specified and will not be arbitrarily revealed to any third party.
  2. When you use this website, it automatically collects the following information: date and time, the webpages you access, the website you access information from, your browser type, the actions you have taken on the website’s pages (e.g. download, etc.).
  3. Supervision will be conducted on websites and IP addresses where behavior that causes a heavy burden upon this site come from.

Authorization and Duties concerning Information Security and Education Training

  1. For personnel who handle sensitive and confidential information and personnel whose work requires system management authorization, appropriate division of labor as well as distribution of authorization and duties should be carried out, assessment and evaluation systems should be established, and a personnel mutual-support system should be created if needed.
  2. For personnel whose employment has been terminated, who are suspended from duties, and who leave their posts temporarily, authorization to using all system resources should be immediately cancelled in accordance with management procedures that govern the termination of employment, duty suspension, and leaving a post temporarily.
  3. Education training and orientation should be given to personnel of all levels based on their roles and competence to promote employees’ understanding of the importance of information security and various security risks in an effort to improve their security awareness and to encourage their observation of information security regulations.

Information Security Operation and Protection

  1. Operational procedures for handling information security incidents should be established with necessary responsibilities assigned to associated personnel so as to handle information security incidents efficiently and effectively.
  2. An alteration management reporting system should be established for information facilities and systems to prevent any loopholes in the system security.
  3. Personal information is handled and protected carefully in accordance with the “Electronic Personal Information Protection Law” and associated regulations.
  4. System backup equipment is established for regular data, software backup, and relocation operations so that operations can return to normal in the shortest time possible should any disaster occur or storage media break down.

Network Security Management

  1. Firewalls are established for intra-sites that link to the extranet to control and manage data transmission and resource access and to conduct careful identity management.
  2. Confidential and sensitive data or documents will not be stored in information systems that are open to the outside world and will not be transmitted via e-mails.
  3. Regular checks are conducted on the network information security facilities and anti-virus functions. Virus patterns in the anti-virus system will be updated while various security measures will be taken on a regular basis.

System Access Control Management

  1. Access codes will be issued and alteration procedures be established and recorded in accordance with the operation system and security management requirements.
  2. IDs and passwords for logging on each operation system that are set up, authorized, and regularly updated by the information system administrators will be granted to personnel of all levels as required by their tasks.