Governance

Information Security Policy


Information security risk management framework

To strengthen the security and management of information operations, the company has established an inter-departmental information security committee. The committee formulates information security management policies, promotes the "information processing regulations", coordinates inter-departmental information processing operations, reviews the company's information security policy and implementation results, and promptly reports to the board of directors on the company's information security management. The structure of the information security committee is shown in the following chart:

Information security policy objectives

Ensure the confidentiality, integrity and accessibility of information assets, and protect the privacy of users' information.

Ensure the normal operation of all the company's information operating systems, maintain the security of network information, and ensure the confidentiality and integrity of the company's computerized data. Information management, system development and program modification, preparation of system documents, programs and data access, data input and output, data processing, computer file and equipment security management, hardware and system software purchase, use and maintenance, system recovery plan formulation and testing procedures, information communication security management, system or mail account password applications, etc. are all within the scope of information security management.

Information Security Committee

  • Develop an information security policy
  • Develop internal information security procedures
  • Assess and improve information security management

Internal and External Audit

  • Audit company operational process
  • Inspect whether all the control measures are implemented

Each Department

  • Execute information security education and training
  • Promote employees' awareness of and responsibility for information security

Information security management measures

| Categories | Description | Related Procedures |
| --- | --- | --- |
| Authorization Management | Management of each system account and authorization | Information demand form |
| Accessibility Management | Access management: access to internal and external data, letter transmission, control through filtering | Internal / external accessibility control measures; Control of data leakage channels; Operational behavior track record |
| External Prevention | Network security, anti-virus software, outsourcing and third-party supplier | Network security maintenance, network point installation; Legal copyright, anti-virus software installation; Signing confidentiality agreements |
| System Repair | System usage status, handling measures for disconnection | Maintenance of notification system |
| Database management | Database backup | Prompt backup of data; Remote backup |

The emergency response plan for the company's information system is as follows. Information security incidents should all be reported and handled in compliance with the procedures.