The information security policy declared:
The Taichung Customs (hereafter referred to as the TCC) core operation is Cargo Clearance Automation System and its related operations. In order to protect the TCC core relevant information assets security (information assets include data, systems, equipments, and etc.), avoid external threat or inside personnel improper management and use, cause the risk of garbled, disclosed, destroyed or lost etc., we redact Information Security Policy (hereafter referred to as the policy).
The policy is defined according to including “Executive Yuan and its subordinates Information Security Management Point”, “Executive Yuan and its Subordinates Information Security Management Constraint”, “Ministry of Finance and its Subordinates Information Security Management Principle”,“Customs Law”, “Data Protection Law” relevant decrees and regulations ,etc. and considering customs clearance requirement.
The TCC vision is: To provide convenient, efficient and safe customs clearance service.
4. Information security policy:
In order to achieve the expectation and requirement of the TCC toward information security maintenance, we will based on this policy, will according to the organization request and consider the information assets risk, to establish an integral, feasible, effective information security management system (hereafter referred to as ISMS), so as to provide the best guarantee to the TCC information security.
4.2 Scope of ISMS
First Clearance Division, Second Clearance Division Export Cargo Clearance Section, Secretariat Information Management Subsection, and the computer room.
The core operation is import and export customs information system and its related operations.
Whether for reach above-mentioned purpose, the TCC information security policy are as follows:
Guarantee that every information assets can offer instant and correct service, in order to meet the user's demand.
Depend on information assets the importance classification and offer the proper protection to ensure integrality of information assets.
Properly divide data secret grade and give proper norm and protection in accordance with its secret grade.
5. Scope of application:
This policy is suitable for all colleagues of the TCC (including skilled worker, employed-by-contract, work-study and alternative-military-service) in every tariff TCC, signing vender, the outsourcing vender and relevant information assets.
First, every department (office) first class executive manager of the TCC should actively participate in the ISMS activities, offer the support of the ISMS correctly.
Second, this every department (office) of the TCC should implement the request for a policy through the proper procedure.
Third, all of the colleagues, signing manufacturer, the outsourcing companies have responsibility to follow this policy.
Fourth, above-mentioned personnel are responsible to report information security accident or suspicious information security weakness through proper report mechanism when they found.
7. Risk assessment and management:
The TCC accords with the quantitative and qualitative policy goal in order to reach the vision, Specially make risk assessing and procedure, in order to manage the information assets risk, reduce the risk to accept the range.
8. Compliance of the information security policy:
A. all of the colleagues, every tariff TCC, signing manufacturer, the outsourcing companies has not followed a policy or relevant information security regulations, or any other behaviors of threatening the of information security of the TCC, will all appeal to the proper punishment procedure or legal action. As to the thing that the decree of information security or the technology offer and improve the suggestion, the persons who really have effects through carrying out should reward properly.
B. all colleagues of the TCC is required to sign “Confidential Agreement on TCC Personnel Information Security Responsibility”, and be award of all information accessed during working period in the Customs Administration asset belong to The Customs Administration and not allowed to be used on other unauthorized purpose.
9. Revision of the information security policy:
This policy should be reappraised at least once a year to reflect up-to-date status of government regulation, technique and operation and to ensure effectiveness of information security practice.