Information Security Policy

A. Statutory Basis
(1)The “Cyber Security Management Act”, its enforcement rules, and other related laws.
(2)Information Security Policies of the Ministry of Labor

B. Objectives
The Information Security Policies ("the Policies") are established by the Bureau of Labor Insurance ("BLI"), Ministry of Labor, with an aim to enhance the management of information security. All BLI computer systems, networks, data, equipment, implementers, as well as all relevant anti-virus and anti-hacking devices in its information environment, shall be incorporated into the security management mechanism. Relevant information security education and communication shall be strengthened, so as to establish systematic preventive measures and contingency plans to ensure the information security within the Bureau.

C. Scope of Application
(1)The Policies shall apply to all BLI employees, contracted staff, outsourced suppliers, their resident personnel in BLI, and visitors ("all staff").
(2)Unless otherwise required, all the business units in BLI shall ensure compliance with the security requirements provided in the Policies, as well as relevant information security management procedures, guidelines, safety maintenance measures and confidentiality programs.

D. Definition
Information Security: By definition, "Information Security" refers to the implementation of protective measures, means and mechanisms, including specific, useful and cost-effective management tools, operations and techniques, to precisely control BLI information assets. The information security policies prevent the information from being improperly used, leaked, altered, stolen, or destroyed; enable quick and appropriate responsive actions against emergencies caused by malicious attacks, destruction or improper use of information; and ensure the resumption of normal operation within the shortest time possible, to minimize potential damage or impact on BLI operations.

E. Management Tasks
(1)Information Security Objectives
(I) Ensuring the confidentiality of BLI business information; preventing unauthorized access to or loss of highly sensitive BLI information or personal information belonging to the public.
(II) Ensuring the integrity and usability of information related to labor insurance business administered by BLI, as well as various business operations entrusted (commissioned) thereto, including allocation and repayment to the Wage Arrears Payment Fund, administration of Farmer Health Insurance, distribution of the Welfare Allowance for Elderly Farmers, Employment Insurance, the new Labor Pension system, National Pension Insurance, Farmer Pension, Maternity Leave Salary Subsidy, and Labor Occupational Accident Insurance and Protection, etc.; while providing services and executing business accurately to secure quality of life for laborers, farmers, indigenous people and the general public, thereby increasing the stability and prosperity of society.
(III) Establishing a safe and smooth operating environment in accordance with the Information Security Policies of the Ministry of Labor, the Information and Communication Security Management Act, its enforcement rules, and other related laws, and the Personal Information Protection Act and its enforcement Act; ensuring the safety of BLI digital information, computer systems, equipment, and networks; and strengthening the confidentiality, integrity and usability of the BLI information system, so as to guarantee the rights and interests of the people, as well as the sustainable development of the Bureau.
(2)Declaration on Information Security
Keep information security in mind, and exercise constant care and caution; when information security is done right, sustainable business development is ensured.
(3)Information Security Tasks
The BLI information security system shall include the following tasks: organization and accountability for information security; employee security management and training; operational security management; communication security management; access control; security for application development and maintenance; key and password control; information asset security management; physical asset and environmental safety; sustainability planning and management; information security auditing; corrective and preventive measures; management of information security incidents; management of outsourced contractor relations; compliance management; and privacy protection of electronic data, etc.
(4)Information Security Accountability
(I) All staff are required to follow the relevant BLI Information Security Policies, procedures, guidelines, security maintenance measures and confidentiality implementation plans. Any violation of information security shall be subject to punishment or legal action.
(II) All staff are responsible for proactively reporting any information security defects or incidents when discovered, which shall be conducted in accordance with the Information Security Incidents Reporting Procedures.
(5)Education regarding Information Security Policies and Updates
The BLI shall arrange regular education on information security policies and updates, so as to increase the awareness and sense of responsibility of all staff.
(6)Facilitation of Information Security Tasks
The BLI shall establish a business unit to facilitate information security tasks, and shall designate the unit's relevant missions and the accountability principles for its job division. A top-down approach shall be adopted to ensure proper job division, thereby elevating the quality of BLI information security management, and ensuring the robustness of the system.
(7)Emergency Reporting Mechanisms for Information Security Incidents
The BLI shall establish an emergency reporting mechanism for all information security incidents, which shall include emergency reporting steps, handling procedures, relevant requirements, and explanations.
(8)Requirements for Information Security Training
The BLI shall arrange regular information security training and education for all staff, helping them to understand the importance of information security, increasing awareness thereof, and ensuring observance of relevant regulations.
(9)Other Requirements
(I) The BLI shall, at least once a year, conduct reviews on the Policies and the related information security procedures and guidelines. Amendments shall be made, where necessary, based on changes in the nature of business, technical developments, and risk evaluation results. Amendments shall be communicated to all staff through appropriate channels.
(II) The evaluation of the policy shall be conducted by the Information Security Implementation Team, and shall be approved by the Director General or his/her authorized deputy.
Last Update: 2022-01-28