The Latest |
PurposesObjectivesStatementsApplication ScopeOrganizations and Responsibilities
Implementation modesImplementation principles
Information technology plays a vital role in the business systems of Taiwan Railway Administration (hereinafter referred to as the Administration) such as: the office automation system, the business information system and the personnel and salary system, etc. Information resources form an important part of the assets of the Administration, and therefore, shall be protected properly.
In order to ensure normal operation of all businesses of the Administration, non-stop operation of all information systems is necessary. Because of the wide use of the Internet, information systems of the Administration must be connected with outside information systems. As a result, new management issues, challenges and responsibilities appear. Potential risks do exist in the processing of information by information systems of the Administration and information generated by office software packages. Therefore, we shall tighten management measures in order to avoid adverse influences on businesses of the Administration caused by human or external factors. So, the establishment and execution of the information security mechanism of the Administration is an urgent task.
Information security refers to the continuous use of various kinds of information. In establishing the information security and control system, priority shall be given to the protection of information and information systems. The establishment of an effective information security and control mechanism needs supports from the higher level of the Administration and all colleagues, as well as the preparation of, and the adherence to, all operation specifications. Information security policies include the following important items:
I. Establish ways to develop, maintain, and operate our information security management system;
II. Decide on the objectives of information security;
III. Establish organizations responsible for information security and determine their responsibilities;
IV. Decide on the principles for executing information security measures.

We shall carry out information security trainings of related personnel and have them acquire a complete knowledge of the confidentiality, integrity and availability of information assets, and protection measures, with the aim of ensuring the implementation of the policy. This policy includes: purposes, objectives, statements, application scope, organizations and responsibilities, implementation modes and principles, etc.

tilte Purposes
Information security management aims at protecting information from internal or external, deliberate or accidental threats. The Administration operates public transportation, which is closely related to the livelihood of the people and economic development. It is very important to ensure the completeness and availability of information, and therefore, the implementation of this policy is necessary.
Purposes of information security policies of the Administration are as follows:
  I. Demonstrate the resolve and commitment of the Administration to provide a safe operation environment;
  II. Serve as the guidelines of the Administration on carrying out the program of computerized governments and developing application programs of information systems;
  III. Determine the basic methods for assessing information security acts, in order to ensure that resources are effectively applied in information security acts;
  IV. Offer basic structure requirements of information systems and network design and relevant purchase specifications;
  V. Serve as the basis of the information security manual of the Administration;
  VI. The guidelines of using information systems of the Administration. We shall carry out information security trainings of all employees to avoid anyone violating the Administration’s rules by pretending not to know the information security policies;
  VII. Serve as the guidelines for examining internal units and personal of the Administration;
  VIII. Serve as the basis for addressing legal and contractual requirements. See “Regulations of Taiwan Railway Administration on Assets Security”.