East Coast National Scenic Area

1.

This policy is set in accordance with the “Main points of information security management for the Executive Yuan and its subsidiary bodies”, “Information security management standards for the Executive Yuan and its subsidiary bodies” and the “ Information Security Policy of the Construction and Planning Agency, Ministry of the Interior” and takes into account the actual work requirements of East Coast National Scenic Area Administration.

2.

This policy is set to strengthen East Coast National Scenic Area Administration's information security management, ensure information confidentiality, completeness and usability, information equipment (computer hardware, software and peripherals) and network system reliability and the information security awareness of staff, and to prevent the aforementioned resources being interfered with, damaged, invaded or subject to any negative behavior or attempted behavior.

3.

For the overall management coordination, planning, checking and promotion of information security management a cross-unit information group will be established (group below). The support work for this group will be the responsibility of the Planning Section. The group's members will be dispatched from the various units of East Coast National Scenic Area Administration and the group will be established after approval from the park Superintendent.

4.

According to the following division of labor principles, related units and personnel have the following work responsibilities：

1. Discussion, establishment and assessment etc of information security policy, plans and technology standards will be handled by the Planning Section.
2. Data and information system security requirement discussion, management and protection shall be handled by East Coast National Scenic Area Administration's various units.
3. Information confidentiality maintenance and security checking etc shall be handled by East Coast National Scenic Area Administration's Personnel Section (concurrently Ethical Section) together with other related units.

5.

The scope of the policy is as follows: Related units and personnel should set related management standards or implementation plans for the following items and regularly check implementation results：

1. Personnel management and information security education and training.
2. Computer system security management.
3. Network security management.
4. System saving and retrieval control.
5. System development and maintenance security management.
6. Information asset security management.
7. Real object and environment security management.
8. Sustainable business plan planning and management.

6.

Personnel management and information security education and training：

1. For information related positions and work security assessment should be carried out. Careful assessment of the suitability of personnel carried out when recruiting personnel and allocating work and tasks, with the necessary checking also carried out. Managers of various units are responsible for the supervision of the information work security of their subordinates and for preventing illegal or inappropriate behavior.
2. With regards to the requirements of management, work and information etc work categories, information security and training and education will be regularly carried out to boost staff information security awareness and raise the level of information security.