資通安全政策Information Security Policy
- 目的Purpose
為增進光合訊科技股份有限公司(以下簡稱本公司)資通訊作業安全及穩定之運作,防止資訊或資通系統受未經授權之存取、使用、控制、洩漏、破壞、竄改、銷毀或其他侵害,並確保其機密性(Confidentiality)、完整性(Integrity)及可用性(Availability),特別制定資通安全政策以管理資訊安全。
To enhance the security and stable operation of the information and communication activities of GIP Technology Corporation (hereinafter referred to as “the Company”), and to prevent unauthorized access, use, control, leakage, destruction, alteration, or other violations of information or information systems, this Information Security Policy is specially formulated to manage information security and ensure the confidentiality, integrity, and availability of information and systems. - 適用範圍Scope
2.1本政策適用範圍為本公司之全體同仁(含正式員工、約聘(用)員工、臨時性工作人員)、委外服務廠商與訪客等。
This policy applies to all personnel of the Company, including full-time employees, contract employees, temporary workers, outsourced service vendors, visitors, and others.
2.2資通安全管理制度範疇涵蓋組織、人員、實體及技術等4大領域,避免因人為疏失、蓄意或天然災害等因素,導致資料不當使用、洩漏、竄改、破壞等情事發生,對本處造成各種可能之風險。
The scope of information security management includes four major areas: organization, personnel, physical, and technical domains, to prevent risks due to human error, malicious acts, or natural disasters that may result in improper use, leakage, alteration, or destruction of data. - 目標Objectives
為維護本公司資訊資產之機密性、完整性與可用性,期藉由本政策之實施以達成下列目標:The implementation of this policy aims to protect the Company’s information assets’ confidentiality, integrity, and availability and to achieve the following goals:
3.1確保本公司相關資訊之機密性,保障客戶機敏資訊與個人資料。
Ensure the confidentiality of relevant company information, safeguarding sensitive customer and personal data.
3.2 確保本公司相關資訊之完整性及可用性,提高行政效能與服務品質。
Ensure the integrity and availability of company information to enhance administrative efficiency and service quality.
3.3配合國家及本政策之推動,提升資通安全防護能力。
Align with national regulations and promote improved information security defenses.
3.4符合國家法令與本公司之規範,達成持續運作之目標。
Comply with national laws and company regulations, achieving sustainable business operations. - 政策Policy Statements
4.1考量相關法律規章及營運要求,評估資通訊作業安全需求,應建立相關程序,以確保資訊資產之機密性、完整性及可用性。
Based on applicable laws, regulations, and operational requirements, assess the security needs of information and communication operations and establish related procedures to ensure the confidentiality, integrity, and availability of information assets.
4.2建立本公司資通安全組織並訂定分工權責,推行資通安全作業。
Establish an internal information security organization with defined roles and responsibilities to implement secure information practices.
4.3建立資通安全事件通報應變機制,以確保資安事件妥善回應、控制及處理。
Establish mechanisms for reporting and responding to information security incidents to ensure proper handling, control, and remediation.
4.4定期執行資通安全稽核作業,以確保資通安全管理落實執行。
Conduct regular information security audits to ensure the effective implementation of information security management. - 管理審查Management Review
本政策由資通安全長核定,每年至少進行1次管理審查(可採召開會議或書面審查方式辦理),或於組織有重大變更時(如組織調整、業務重大異動等)重新評估。依評估結果、相關法令、技術及業務等最新發展現況,予以適當修訂。
This policy is approved by the Chief Information Security Officer and is reviewed at least once a year (either by meeting or written review). In the event of significant organizational changes (such as structural adjustments or major shifts in business), the policy is re-evaluated and revised accordingly based on the latest developments in relevant laws, technology, and business requirements. - 實施Implementation
本政策經資通安全長核定後實施,修訂時亦同。
This policy takes effect once approved by the Chief Information Security Officer, and amendments shall follow the same approval procedures before implementation.