Cyber Security Policy
A. Statutory Basis
(1) The “Cyber Security Management Act”, its enforcement rules, and other related laws.
(2) Cyber Security Policies of the Ministry of Labor
B. Objectives
The Cyber Security Policies ("the Policies") are established by the Bureau of Labor Insurance ("BLI"), Ministry of Labor, with the aim of enhancing the management of cyber security. All BLI computer systems, networks, data, equipment, implementers, as well as all relevant anti-virus and anti-hacking devices in its cyber environment, shall be incorporated into the security management mechanism. Relevant cyber security education and communication shall be strengthened, so as to establish systematic preventive measures and contingency plans to ensure cyber security within the Bureau.
C. Scope of Application
(1) The Policies shall apply to all BLI employees, contracted staff, outsourced suppliers, their resident personnel in BLI, and visitors ("all staff").
(2) Unless otherwise required, all the business units in BLI shall ensure compliance with the security requirements provided in the Policies, as well as relevant cyber security management procedures, guidelines, safety maintenance measures and confidentiality programs.
D. Definition
(1) Cyber Security: Prevent the BLI's cyber system and the data from unauthorized access, use, control, leakage, damage, alteration, destruction or other infringement, so as to ensure its confidentiality, integrity and usability.
(2) Cyber Security: Implement relevant security control mechanisms to reduce the threats from social engineering, hacking attacks, malicious software or spyware, so as to ensure the confidentiality, integrity and usability of the information processed within the Cyberspace, thereby protecting the people, the society, the organization and the country from the network risks. By definition, Cyberspace refers to a complicated, virtual environment generated by the interaction among human beings, software and network services through technology devices and network connections.
E. Management Tasks
(1) Cyber Security Objectives
(I) Ensuring the confidentiality of BLI business information; preventing unauthorized access to or loss of highly sensitive BLI information or personal information belonging to the public.
(II) Ensuring the integrity and usability of information related to labor insurance business administered by BLI, as well as various business operations entrusted (commissioned) thereto, including allocation and repayment to the Wage Arrears Payment Fund, administration of Farmer Health Insurance, distribution of the Welfare Allowance for Elderly Farmers, Employment Insurance, the new Labor Pension system, National Pension Insurance, Farmer Pension, Maternity Leave Salary Subsidy, and Labor Occupational Accident Insurance and Protection, etc.; while providing services and executing business accurately to secure quality of life for laborers, farmers, indigenous people and the general public, thereby increasing the stability and prosperity of society.
(III) Establishing a safe and smooth operating environment in accordance with the Cyber Security Policies of the Ministry of Labor, the Information and Communication Security Management Act, its enforcement rules, and other related laws, the Personal Information Protection Act and its enforcement Act; ensuring the safety of BLI digital information, computer systems, equipment, and networks; and strengthening the confidentiality, integrity and usability of the BLI's cyber system, so as to guarantee the rights and interests of the people, as well as the sustainable development of the Bureau.
(2) Declaration on Cyber Security
Strengthen awareness of cyber security to guarantee a robust risk-preventing system. Maintain high-standard cyber security to ensure sustainable business development.
(3) Cyber Security Tasks
The BLI cyber security system shall include the following tasks: organization and accountability for information security; employee security management and training; operational security management; communication security management; access control; security for application development and maintenance; key and password control; information asset security management; physical asset and environmental safety; sustainability planning and management; cyber security auditing; corrective and preventive measures; management of cyber security incidents; management of outsourced contractor relations; cloud service safety, threat intelligence, privacy protection, and compliance management, etc.
(4) Cyber Security Accountability
(I) All staff are required to follow the relevant BLI Cyber Security Policies, procedures, guidelines, security maintenance measures and confidentiality implementation plans. Any violation of cyber security shall be subject to punishment or legal action.
(II) All staff are responsible for proactively reporting any cyber security defects or incidents when discovered, which shall be conducted in accordance with the Cyber Security Incidents Reporting Procedures.
(5) Education regarding Cyber Security Policies and Updates
The BLI shall arrange regular education on cyber security policies and updates, so as to increase the awareness and sense of responsibility of all staff.
(6) Facilitation of Cyber Security Tasks
The BLI shall establish a business unit to facilitate cyber security tasks, and shall designate the relevant missions and accountability principles for job division of the unit. A top-down approach shall be adopted to ensure proper job division, thereby elevating the quality of BLI cyber security management, and ensuring the robustness of the system.
(7) Emergency Reporting Mechanisms for Cyber Security Incidents
The BLI shall establish an emergency reporting mechanism for all cyber security incidents, which shall include emergency reporting steps, handling procedures, relevant requirements, and explanations.
(8) Requirements for Cyber Security Training
The BLI shall arrange regular cyber security training and education for all staff, helping them to understand the importance of cyber security, increasing awareness thereof, and ensuring observance of relevant regulations.
(9) Other Requirements
(I) The BLI shall, at least once a year, conduct reviews on the Policies and the related cyber security procedures and guidelines. Amendments shall be made, where necessary, based on changes in the nature of business, technical developments, update of standards and risk evaluation results. Amendments shall be communicated to all staff through appropriate channels.
(II) The evaluation of the policy shall be conducted by the Cyber Security Implementation Team, and shall be approved by the Director General or his/her authorized deputy.