Information security policy


Nantou County Scenic Area Management Institute Global Information Network (hereinafter referred to as this website) respects and protects your security and privacy protection when using the Internet. We hereby explain the information security policy of this website to protect your rights and interests. Read the following:
Collection and use of personal data
According to the provisions of the Personal Data Protection Law and related laws and regulations, only for their specific purposes, as a service provided by the contractor, will not be arbitrarily disclosed to other third parties.

Members have the right to request termination of membership by issuing a signed fax or correspondence.

When using this website, this website will automatically collect the following information: date and time, the page you have taken, the website you are on, the type of your browser, the actions you have taken on the website (such as downloading) and success no. This information may be used to improve the effectiveness of this website.

Monitor the behavior on the website that is heavily loaded on this website.


Information security responsibility and education training
For those who handle sensitive and confidential information and those who need to be given system management authority due to work needs, properly divide the work, decentralize the responsibility and establish an assessment and assessment system, and establish a mutual support system for personnel as needed.

For the personnel who are off (closed, suspended), they shall be handled according to the procedures of the personnel leaving (resting, stopping), and immediately cancel all the rights of using various system resources.

Based on roles and functions, we will conduct information security education training and promotion for different levels of staff, and encourage employees to understand the importance of information security and various possible security risks to enhance employees' information security awareness and promote compliance with information. Safety regulations.


Information security operations and protection
Establish operational procedures for handling information security incidents and give relevant personnel the necessary responsibilities to handle information security incidents quickly and efficiently.

Establish a change management notification mechanism for information facilities and systems to avoid loopholes in system security.

Handle and protect personal information in a prudent manner in accordance with the relevant provisions of the Computer Handling Personal Data Protection Act.

Establish system backup facilities, regularly perform necessary data, software backup and backup operations, so that in the event of disaster or storage media failure, you can quickly return to normal operations.


Network security management
A network that connects to the outside world, set up a firewall to control data transmission and resource access of the outside and internal networks, and perform rigorous identification of operations.

Confidential information and sensitive information or documents are not stored in an open information system, and confidential documents are not transmitted by e-mail.

Regularly check the internal network information security facilities and anti-virus, update the virus code of the anti-virus system, and various security measures.

System access control management

The pass password issuance and change procedures are determined and recorded according to the operating system and security management requirements.

When logging in to each operating system, the account and password of the authorized personnel are set by the information system system administrator according to the system access rights necessary for the personnel at all levels to perform the task, and are updated regularly.