Security Policy

Collection and Utilization of Personal Information

Personal information is collected for the purposes of providing services undertaken pursuant to the Personal Data Protection Law and relevant laws and regulations. No personal information shall be disclosed to a third party. When you visit this site, this site will automatically collect the following information: date and time, pages you visit, your IP, your browser type, and your actions on this site, such as downloading information. Online actions causing heavy traffic to this site will be monitored.

Responsibility, Authority, Education and Training of Information Security

Proper division of labor and distribution of responsibility and authority are applied to personnel processing sensitive and confidential data and personnel authorized with system administration privilege required by work. An assessment and evaluation system is established and a mutual support system may be established where necessary.

The authority of access to information resources of personnel who have terminated employment, or on leave, or in suspension shall be managed in accordance with the Personnel Employment Service Termination, On Leave and Suspension Management Procedures, and their authority to access to all information resources are cancelled. Information security education, training and publicizing programs are organized for personnel of all levels based on their roles and functions for actual needs to enable them understand the importance and potential risks of information security in order to enhance the information security awareness of personnel and to following rules and regulations concerning information security.

Information Security Operations and Protection

Procedures for managing information security events are established and responsibilities are assigned to relevant personnel to quickly and effectively handle information security events. Mechanisms for managing and reporting changes in information facilities and systems are established to prevent loopholes in the system security.

Personal information is carefully processed and protected pursuant to the Computer-processed Personal Data Protection Law and relevant regulations and rules. System redundant facilities are established; and necessary data and software backup and redundancy are performed at planned intervals to quickly recover normal operations in case of disasters or storage failures.

Internet Security Management

Firewalls are established between outbound nodes to control information transmission and resource access between the extranet and intranet; and identify verification is strictly performed.

Confidential and sensitive data or documents are neither stored in public systems nor transfer in emails. Intranet information security and antivirus facilities are audited and virus codes and other security facilities are updated at planned intervals.

System Access Control Management

Procedures for issuing and changing access codes are established according to operating system and security management needs, and records are maintained. When logging in the system, access authority at different levels is assigned to personnel according to their functions; and an access code and a password assigned to personnel by information administrators are updated at planned intervals.