IBMS Information Security Policy Statement

IBMS Information Security Policy Statement

Announcement Approval Date: December 18, 2024     

Cybersecurity refers to the protection of information assets from harm through security control measures to achieve the CIA objectives, thereby supporting organizational operations to create value and fulfill the organization's mission and vision.

Information Security Objectives
To prevent disruptions to the operations of our institute from cybersecurity incidents, we aim to achieve the following security objectives:
  • Confidentiality: Implement appropriate security mechanisms to protect data from exposure to unauthorized personnel or programs.
  • Integrity: Ensure that data remains in its original state, allowing only authorized users to modify the content.
  • Availability: Ensure that authorized entities can access and use information and systems as needed, maintaining continuous operation and normal usage.
  • Compliance: Ensure that all information security operations and activities comply with government regulations, such as the Information Security Management Act and its related sub-laws, Personal Data Protection Act, Copyright Act, etc.
Security Statement
In a colloquial expression, our information security policy statement is:
"Information security is everyone's responsibility," "Confidentiality and anti-hacking are for everyone."
  1. Our institute is committed to protecting the confidentiality, integrity, and availability of all information assets to prevent data leakage, damage, or unauthorized access.
  2. Ensure the integrity of business-related information, protect business secrets, enhance data security, ensure the accuracy of business information, improve work efficiency and quality, and achieve the availability goals for continuous business operations.
  3. Enhance information security capabilities to comply with legal requirements related to government information security laws, policies, and regulations.
Regulatory Compliance
"Implementation Guidelines for Information Security Management Regulations of Academia Sinica" and "Matters to be Handled by Public Agencies with Level B Information Security Responsibility."

 

IBMS Global Information Network - Privacy and Personal Data Protection Statement

Collection and Use of Personal Data
  1. We will collect personal data only for specific purposes in accordance with the Personal Data Protection Act and related laws and will not disclose it to any third party without authorization.
  2. When using this website, we will automatically collect the following information: date and time, web pages accessed by you, your referring URL, your browser type, actions taken on this website (such as downloads), and whether those actions were successful; this information may be used to improve the performance of this website.
  3. Monitor behaviors on URLs that impose significant loads on this website.
  4. Within the scope permitted by the "Personal Data Protection Act," we may provide relevant information in response to written requests from judicial or other competent authorities based on their legal authority.
Information Security Policy and Data Protection
Unauthorized attempts to tamper with any services on this website are prohibited and may violate the law. To ensure website security and normal operation of services while protecting your personal data, this website provides the following security measures:
  1. Use network intrusion detection systems to monitor network traffic to prevent unauthorized uploads or changes to web information or intentional destruction.
  2. Install firewalls to prevent illegal intrusions, damage or theft of data, avoiding illegal use of the website.
  3. This website employs relevant systems or software dedicated to network information security to provide users with a safe browsing environment.
  4. Establish monitoring, reporting, and response mechanisms for information security incidents so that if an incident occurs, operations can be restored in the shortest time possible to minimize damage.
  5. Regularly update appropriate patches according to executed security operations and vendor notifications.
External Links from the Website
This website provides links to other websites; if you click on these links and enter other websites, those linked websites may not adhere to this website's privacy protection policy; you must refer to the privacy protection policy of those linked websites.
Compliance with Regulations
Regulations of "Academia Sinica IBMS Network Usage Guidelines" and "Taiwan Academic Network Management Regulations."If you have any questions regarding this website's privacy rights or security policies, please email:ibmsweb@ibms.sinica.edu.tw