| |
|
- Personal
Information Collection and Use
Personal
information will be used only for specific purpose
related to the service we provide and will not be
disclosed to any third party in accordance with the
Computer-Processed Personal Information Law and other
related regulations.
When you use our website, we automatically collect
the following information: date and time, the webpage
you request, URL you are on, browser type, any action
(such as downloads, etc) whether that action was successful
or not.
The information may help improve the efficiency of
our website.We monitor any action which may cause
a heavy load to our website.
- Confidentiality
Security and Training
For employees who deal with sensitive and confidential
information, and those who are entitled to manage
systems because of job requirement, clear division
of job in order to disperse rights and duties should
be arranged; and evaluation and examination systems
should be established; as well as mutual support systems.
For employees who resign (ask for leave, suspended
from duties), all related matters must follow concerned
procedures and the authorization for all systems must
be cancelled immediately.
Based on the position and occupational ability of
different levels of employees, education and training
for information security should be conducted depending
on the actual situation in order to make employees
understand the importance and all possible risks,
and enhance awareness to conform to the relative regulations
accordingly.
- Information
Security Procedure and Protection
We have operating procedures for information security
issues, and impose necessary responsibility to employees
concerned in order to tackle with these matters rapidly
and efficiently.
We have informing system for change management of
information facilities and systems to avoid loophole
in security.
We process and protect personal information cautiously
in accordance with related provisions of Computer-Process
Personal Information Law.
We carry system backup facilities, and update/backup
necessary data and software periodically in order
to be able to restore all data swiftly in case of
damage or failure of saving media.
- Management
of Internet Security
We establish firewalls to monitor data transmission
and resource access between the external and the internal
network at our link, and strictly conduct identity
recognition operation.
Any confidential and sensitive information or document
is neither stored in open system nor delivered by
e-mail.
We periodically examine and inspect internal network
for information security, latest virus code and other
security measures.
- System
Access Control Management
We set up password issuance and change procedures
depending on operation system and security management
requirement, and record it.
The information center management staff should assign
authorization account and password for employees to
log in each system according to necessary authorization
of each staff level, and update them regularly.
|
