Information Security Policy
This policy is formulated to ensure the confidentiality, integrity, and availability of the information assets owned by Taiwan Economic Journal Co. Ltd. (referred to as the “TEJ Company“), to comply with the requirements of relevant laws and regulations, and to protect them from internal and external deliberate or unexpected threats while considering the TEJ Company‘s business needs.
1. Scope of application
Our employees, institutions, individuals, outsourced service providers, and third-party users who access our business information must abide by this information security policy.
2. Information security goals
To maintain the confidentiality, integrity, and availability of the TEJ Company’s information assets and protect the security of user data privacy, we hope to achieve the following goals through the implementation of this policy:
- Protect the security of the TEJ Company’s business services and ensure that only authorized personnel can access information to ensure its confidentiality.
- Protect the security of the TEJ Company’s business services and avoid unauthorized modifications to ensure their correctness and integrity.
- Establish the TEJ Company’s business continuity plan to ensure the continued operation of the TEJ Company’s information business services.
- Ensure that the execution of the TEJ Company’s various business services must comply with the requirements of relevant laws or regulations.
To evaluate the achievement of information security goals, information security management indicators are specifically formulated and measured regularly to verify the effectiveness of ISMS implementation.
- Management should actively participate in and support the Information Security Management System and implement this policy through appropriate standards and procedures.
- The TEJ Company should establish an information security organization to promote information security matters.
- Important information assets should be regularly inspected, classified, and assessed regarding their risks, and appropriate protective measures should be implemented accordingly.
- Access rights to critical information facilities should be differentiated, and relevant rights should be granted based on personnel positions. Encryption, decryption, and identity authentication mechanisms may be adopted when necessary to enhance the security of information assets.
- Relevant personnel should receive information security education, training, and government announcements to improve information security awareness.
- There must be complete reporting and response measures for information security incidents to ensure the continued operation of information systems and businesses.
- An information security business continuity plan should be formulated and conducted regularly to ensure that essential systems and companies can resume operations within the scheduled time when a disaster occurs.
- Regularly perform information security audits to review access rights and the implementation of information security management systems.
- Any behavior that endangers information security will be investigated for civil, criminal, and administrative liability depending on the severity of the case or will be dealt with by the TEJ Company’s relevant regulations.
- This policy is evaluated at least once a year and revised based on business changes, technological developments, and risk assessment results.
4. Needs and expectations of interested parties
The resolutions of the TEJ Company‘s information security management system should be included in the information security committee management review meeting report, and the meeting minutes will be submitted to the competent authority when necessary. Suppose the information security committee, the competent authority (or the requirements of laws and regulations), experts and scholars, and other interested parties have information security-related feedback. In that case, they should be included in the discussion topics of the management review meeting.
This policy should be reviewed by the Information Security Committee at least once a year to reflect the latest developments in government laws, technology, and business to ensure the TEJ Company’s ability to operate its business sustainably.
This policy will be implemented after approval by the Board of Directors, and the same applies when revised.