Wed, 26 Sep 2018 22:41:16 GMT+08:00
Home ::: Employer Employee Home | Site Map | Bilingual Glossary | Contact Us | FAQ | 中文版
:::
::: Home » About B.L.I » Information Security Policy
Font size: small medium large      PrintPrint   
Information Security Policy Last Modified:2018-08-06

A. Statutory Basis
(1)
 
Regulations Governing the Management of Information Security by the Executive Yuan and Its Agencies
(2) Guidelines Governing the Management of Information Security by the Executive Yuan and Its Agencies
(3) Information Security Policies of the Executive Yuan's Ministry of Labor

B. Objectives
The Information Security Policies ("the Policies") are established by the Bureau of Labor Insurance ("BLI"), Ministry of Labor, with an aim to enhance the management of information security. All BLI computer systems, networks, data, equipment, implementers, as well as all relevant anti-virus and anti-hacking devices in its information environment, shall be incorporated into the security management mechanism. Relevant information security education and communication shall be strengthened, so as to establish systematic preventive measures and contingency plans to ensure the information security within the Bureau.

C. Scope of Application
(1) The Policies shall apply to all BLI employees, contracted staff, outsourced suppliers, their resident personnel in BLI, and visitors ("all staff").
(2) Unless otherwise required, all the business units in BLI shall ensure compliance with the security requirements provided in the Policies, as well as relevant information security management procedures, guidelines, safety maintenance measures and confidentiality programs.

D. Definition
Information Security: By definition, "Information Security" refers to the implementation of protective measures, means and mechanisms, including specific, useful and cost-effective management tools, operations and techniques, to precisely control BLI information assets. The information security policies prevent the information from being improperly used, leaked, altered, stolen, or destroyed; enable quick and appropriate responsive actions against emergencies caused by malicious attacks, destruction or improper use of information; and ensure the resumption of normal operation within the shortest time possible, to minimize potential damage or impact on BLI operations.

E. Management Tasks
(1) Information Security Objectives
(I) Ensuring the confidentiality of BLI business information; preventing unauthorized access to or loss of highly sensitive BLI information or personal information belonging to the public.
(II) Ensuring the integrity and usability of information related to labor insurance business administered by BLI, as well as various business operations entrusted (commissioned) thereto, including allocation and repayment to the Wage Arrears Payment Fund, administration of Farmer Health Insurance, distribution of the Welfare Allowance for Elderly Farmers, Employment Insurance , the new Labor Pension system, and National Pension Insurance; while providing services and execute business accurately to secure quality of life for labors, farmers, indigenous people and the general public, thereby increasing the stability and prosperity of society.
(III) Establishing a safe and smooth operating environment in accordance with the Information Security Policies of the Executive Yuan's Ministry of Labor, the Regulations Governing the Classification of Information and Communication Security Accountability in Government Organizations (Agencies), the Regulations Governing the Classification of Information Systems and Standards for Information Security Protection and the Personal Information Protection Act; ensuring the safety of BLI digital information, computer systems, equipment, and networks; and strengthening the confidentiality, integrity and usability of the BLI information system, so as to guarantee the rights and interests of the people, as well as the sustainable development of the Bureau.
(2) Declaration on Information Security
Keep information security in mind, and exercise constant care and caution; when information security is done right, sustainable business development is ensured.
(3) Information Security Tasks
The BLI information security system shall include the following tasks: organization and accountability for information security; employee security management and training; operational security management; communication security management; access control; security for application development and maintenance; key and password control; information asset security management; physical asset and environmental safety; sustainability planning and management; information security auditing; corrective and preventive measures; management of information security incidents; management of outsourced contractor relations; and compliance management.
(4) Information Security Accountability
(I) All staff are required to follow the relevant BLI Information Security Policies, procedures, guidelines, security maintenance measures and confidentiality implementation plans. Any violation of information security shall be subject to punishment or legal action.
(II) All staff are responsible to proactively report any information security defects or incidents when discovered, which shall be conducted in accordance with the Information Security Incidents Reporting Procedures.
(5) Education regarding Information Security Policies and Updates The BLI shall arrange regular education on information security policies and updates, so as to increase the awareness and sense of responsibility of all staff.
(6) Facilitation of Information Security Tasks
The BLI shall establish a business unit to facilitate information security tasks, and shall designate the relevant missions, accountability principles for job division of the unit. A top-down approach shall be adopted to ensure proper job division, thereby elevating the quality of BLI information security management, and ensuring the robustness of the system.
(7) Emergency Reporting Mechanisms for Information Security Incidents
The BLI shall establish an emergency reporting mechanism for all information security incidents, which shall include emergency reporting steps, handling procedures, relevant requirements, and explanations.
(8) Requirements for Information Security Training
The BLI shall arrange regular information security training and education for all staff, helping them to understand the importance of information security, increasing awareness thereof, and ensuring observance of relevant regulations.
(9) Other Requirements
(I) The BLI shall, at least once a year, conduct reviews on the Policies and the related information security procedures and guidelines. Amendments shall be made, where necessary, based on changes in the nature of business, technical developments, and risk evaluation results. Amendments shall be communicated to all staff through appropriate channels.
(II) The BLI shall establish a designated project team to review the Policies.
Back Top
::: l Information Security Policy l Privacy Policy l Banner Download l
  Address: No.4, Sec. 1, Roosevelt Rd. , Zhongzheng District, Taipei City 10013, Taiwan (R.O.C.) Toll-free Phone :0800-078-777 Information Center Telephone:+886-2-2396-1266 Opening time:Mon – Fri 8:00 ~ 18:00 Copyright © 2018 Bureau of Labor Insurance, Ministry of Labor Best viewed with IE 7,Firefox or higher with 1024X768 resolution