Press Enter go to main content
:::

Revenue Service Office, New Taipei City Government

:::
    • facebook(open new window)
    • google plus(open new window)
    • line(open new window)

Security Policy

New Taipei City Government Revenue Service Bureau 
Information Security Policy


Classification level: public information
Document number: IT3-01000000
Version: 2.2
Date of the first version: 92.10
Revision date: 101.09.21

1. Authority

  1. Information Security Rules for Executive Yuan and its subordinate agencies

  2. Information Security Management Rules for Executive Yuan and its subordinate agencies

  3. Information Security Management Rules for Ministry of Finance and its subordinate agencies

  4. National Information and Communication Security Development Project

  5. ISO/IEC 27001(Information technology — Security techniques — Information security management systems — Requirements)

  6. CNS 27001

2. purpose

We establish this policy to ensure that this office safely collects, processes, transmits, stores, and circulates information, to maintain the confidentiality, integrity, availability, and legality of information, and to promote the efficiency of tax collection and service to the public.

3. Policy

It is the responsibility of everyone to be mindful of and to carry out information security.

4. Applicability

Staff of this office, external entities that get contact with business information of this office, contractors, and third-party users.

5. Rights and responsibilities

  1. The task force for the promotion of information security is responsible for the promotion, coordination, and review of information security matters.

  2. The technical subgroup of the task force for the promotion of information security is responsible for the establishment of rules for the usage and safe management of information.

  3. The head of each unit is responsible for the execution of this policy and relevant rules.

  4. The staff of this office should thoroughly understand this policy and relevant rules and should do their best to protect the security of information assets.

  5. All people who are not staff of this office but who get into contact with business information of this office should also comply with this policy.

6. Definition of terminology

  1. Confidentiality: to ensure that only those who have been authorized can save or retrieve information assets

  2. Integrity: to ensure the accuracy and completeness of the handling methods of information assets

  3. Availability: to ensure that when there is a need, an authorized user can access the information assets.

  4. Legality: in compliance with the laws and regulations of the nation

7. Key points in execution

  1. Establish a dedicated organization that is responsible for establishing and maintaining an information security management system to ensure that this policy is carried out.

  2. Establish rules for information security management

8. Promulgation and execution

Depending on business changes, technical development, and risk assessment, this police should be reviewed at least once a year. The review should be recorded. This policy should be continually revised for improvement in its effectiveness and appropriateness to meet legal, technical, and operational requirements. The revision should be reviewed by the task force for the promotion of information security, approved by the director general of this office, and executed. The same is true of corrections

  • Date:2018-08-27
  • Department:Planning Service Division
  • Update:2018-10-02
  • Count Views:785
Top