In order to prevent the damage, unexpected or unauthorized revision in unsafe internet environment and secure the data and system in safe, useful and completed condition, we establish the procedure of information safety management for the employees to respect.

Information system safety management

1. Establish safety control for information system to secure the information and data safety, protection system and internet operation and prevent unauthorized system log in.
2. The assets of information system managed by dedicated manager.

Malware prevention

1. To use or download unauthorized or non-business related software is prohibited.
2. Install computer virus detection and repair software and updated periodically to prevent the virus attack.

Computer software and program copyright protection

1. To use authorized software and not infringe the copyright. Well manage the software product power of attorney, original disc and operation manual.
2. Legal software is prohibited to use or transfer to unauthorized use.

Internet safety management

1. Information sponsor shall check if the internet system is abnormal and record.
2. Authorized internet user is only allowed to use authorized internet resources.

3. Internet user shall respect the safety regulations and realize the responsibility. If the user infringe the safety regulations, the user will be limited or revoked the right and punished according to the regulations.
4. Isolate by firewall to control the data transmission between internal and external internet.

E-mail safety management

1. Follow the regulations for e-mail registration and change.
2. Set up the safety management for e-mail to reduce the safety risk.

Computer management and safety protection

1. Check the efficiency of software and hardware system and update software to latest version and problematic information.
2. Check and update system safety, antivirus software and antivirus code to secure the system operation normally.

Data or information backup

1. The system sponsor shall backup the system setup file, internet information, file in server and data base periodically and record for audit.
2. Disaster recovery simulation should be implemented and announcement function shall be set up to secure the emergent response and system recovery is effective.

The safety and management of computing control center

1. The access control shall be set up for computing control center. The visitor shall be registered and unauthorized visitor is prohibited to enter.
2. The system management, technology consultant and computing control center sponsor shall record properly for audit.

Information safety policy announcement

1. The information safety policy should be announced periodically for employee to respect.