New Taipei City Government Revenue Service Bureau
Information Security Policy
Classification level: public information
Document number: ISMS-01000000
Date of the first version: 92.10
Revision date: 111.02.21
Information Security Rules for Executive Yuan and its subordinate agencies
Information Security Management Rules for Executive Yuan and its subordinate agencies
Information Security Management Rules for Ministry of Finance and its subordinate agencies
National Information and Communication Security Development Project
ISO/IEC 27001(Information technology — Security techniques — Information security management systems — Requirements)
We establish this policy to ensure that this office safely collects, processes, transmits, stores, and circulates information, to maintain the confidentiality, integrity, availability, and legality of information, and to promote the efficiency of tax collection and service to the public.
It is the responsibility of everyone to be mindful of and to carry out information security.
Staff of this office, external entities that get contact with business information of this office, contractors, and third-party users.
5. Rights and responsibilities
The task force for the promotion of information security is responsible for the promotion, coordination, and review of information security matters.
The technical subgroup of the task force for the promotion of information security is responsible for the establishment of rules for the usage and safe management of information.
The head of each unit is responsible for the execution of this policy and relevant rules.
The staff of this office should thoroughly understand this policy and relevant rules and should do their best to protect the security of information assets.
All people who are not staff of this office but who get into contact with business information of this office should also comply with this policy.
6. Definition of terminology
Confidentiality: to ensure that only those who have been authorized can save or retrieve information assets
Integrity: to ensure the accuracy and completeness of the handling methods of information assets
Availability: to ensure that when there is a need, an authorized user can access the information assets.
Legality: in compliance with the laws and regulations of the nation
7. Key points in execution
Establish a dedicated organization that is responsible for establishing and maintaining an information security management system to ensure that this policy is carried out.
Establish rules for information security management
8. Promulgation and execution
Depending on business changes, technical development, and risk assessment, this police should be reviewed at least once a year. The review should be recorded. This policy should be continually revised for improvement in its effectiveness and appropriateness to meet legal, technical, and operational requirements. The revision should be reviewed by the task force for the promotion of information security, approved by the director general of this office, and executed. The same is true of corrections
- Department：Planning Service Division
- Count Views：2622