Information Safety Statement of Fisheries Agency, Council of Agriculture, Executive Yuan
This statement is made to achieve the following operational and management
goals of the Fisheries Agency, Council of Agriculture, Executive Yuan and its
affiliated departments.
- Uninterrupted operation of the digitalized information system for core business
will be promoted to maintain the effectiveness of internal systematic
administration, thus maximizing the quality of information service to the public.
- All data collected, processed, and utilized will be treated in a manner that
preserves confidentiality, completeness, and accuracy.
- The collection, processing, and utilization of personal data will be
conducted in accordance with the requirements of the Personal Data Protection
Law.
I. Scope of Applications
1. Management System
This policy is applicable to the data security
system and personal data information system.
2. Organizations:
(1) Information Security Management System
Applicable to all personnel in different departments
and affiliates of FA, business counterparts, contractors, outsourcing business
counterparts, visitors, and all users of FA’s information services.
(2) Personal Data Management System
Applicable to all personnel in charge of FA
business in various departments, departments of business contacts, and
outsourcing businesses commissioned by FA to collect, process, or utilize
personal data.
II. Policy Requirements
1. FA will consolidate the enforcement of the relevant
laws and regulations, including the Intellectual Property Rights Protection
Law, the Personal Data Protection Law, the Regulations Governing
Information Security Management of the Executive Yuan and Agencies under the
Executive Yuan, and any agreements and contracts with outside businesses.
2. FA will endeavor to promote the exercise, auditing,
communication and coordination of plans and projects relating to the management
system, and will conduct educational training and awareness activities relating to
information and personal data protection to ensure all personnel know their
duties of maintaining security in their work.
3. As a principle, information assets held by staff in the course of their work
are to be treated as public if they are publicly owned. All data are classified
according to need as planned, and the risk evaluations that business requires
will be carried out to achieve effective management and control. Digitalization
of the information system will be operated and managed in accordance with actual
business requirements to ensure the applicability of digitalized operation.
4. Access to the office areas and computer installation
rooms will be properly controlled and monitored to ensure their security.
5. Technological protection and management are
enhanced to ensure maximum security of the computer hardware and the information
system. Access is granted on a minimum-need basis in accordance with the duty
assignments of personnel and their access authority, to prevent system sabotage
resulting from improper access, modification, damage, or network attack.
6. In order to prevent computer viruses and malicious
system operation, only authorized systems and software are permitted to be
used. All other unauthorized software is prohibited.
7. Protection of all personal information should
meet the following requirements:
(1) The collection, processing and utilization of
personal information will be operated within the scope of business so required
to ensure the legality, accuracy and appropriateness of the data access, with
prior authorization for such access.
(2) For the commission of third parties to collect,
process, and utilize personal data, proper administration and review need to be
developed.
(3) Channels are provided to the parties of direct
concern for inquiring, copying, modifying, supplementing, deleting, and
terminating the usage of personal data, as well as procedures for complaints
and reporting, and automatic reporting to the related parties in case of
incidents involving the security of personal data.
III. Responsibilities
1. Management-level personnel should actively participate
in and support the management system, and implement this
policy through appropriate standards and procedures.
2. All FA personnel, outsourcing businesses, and
visitors should comply with this policy.
3. All FA personnel and outsourcing businesses have
the responsibility of reporting any information security incidents and faults
through the appropriate reporting mechanism.
4. Any infringement of information security or personal
data protection is subject to administrative, civil or criminal action in
accordance with the applicable law, based on its severity, or to administrative
action in accordance with the relevant rules and regulations of FA.