Information Security Policy and Management Plan

I. Purpose:

As information security is the basis for the safe operation of all services, this information security policy (hereinafter referred to as the Document) is hereby established to ensure information security for Ta Yih Industrial Co., Ltd. (hereinafter referred to as Ta Yih) and to serve as the priority policy for Ta Yih’s information security management system.

II. Objective:

The information security objective of Ta Yih is to ensure the confidentiality, integrity, availability and compliance of its core system management (i.e. the information system and relevant management activities within the scope of ISO 27001 certification). Quantitative indicators, defined by hierarchy and function and measuring information security performance, are used to confirm whether the implementation of the information security management system has achieved the information security objective.

1. Confidentiality: Sensitive information shall be prevented from being disclosed on the Internet.

2. Integrity: The accuracy of Ta Yih’s sensitive information (e.g. insurance data and personal data) shall be ensured.

3. Availability: Important data possessed by Ta Yih shall be backed up.

4. Compliance: Employees shall comply with applicable laws of the R.O.C. (e.g. Personal Data Protection Act, Trade Secrets Act, applicable intellectual property rights laws) to avoid any infringement on the interests of Ta Yih or a third party.

Our company has considered the impact of climate change on the scope of information security management system verification. Currently, the assessed related risks are limited, and we will continue to monitor relevant developments and adjust management measures as necessary.

III. Scope of Application:

Scope of Ta Yih's information security management system.

IV. Organization and Powers:

To ensure effective operation of the information security management system, the information security organization and powers shall be defined in order to promote and proceed with management, execution and inspection tasks.

The requirements of stakeholders (concerned parties) and issues shall be taken into account in order to achieve expectations consistent with the information and communication security policies.

V. Implementation Principle:

The information security management system shall be implemented based on the plan-do-check-act (PDCA) cycle to ensure the effectiveness and continuity of information security.

VI. Review and Evaluation:

1. The Document shall be evaluated and reviewed at least once a year. Laws, technological change, all parties’ expectations, business activities, internal management and resources shall be taken into account during evaluation and review in order to ensure the effectiveness of information security practice.

2. The Document shall be revised based on the results of the review and shall come into effect after being published by the General Manager.

3. Interested parties, such as employees, suppliers, customers and external auditors, shall be informed of the establishment or any revision of the Document in a proper manner (e.g. email, public announcement on the website, or a hardcopy of the Document).

VII. Management Plan:

1. Social drills are conducted once a year.

2. System vulnerability scans are conducted twice a year.

3. Each system account permission is audited once a year.

4. Important systems are backed up, with daily confirmation of normal execution.

5. ISO 27001 information security certification is obtained every year.

6. External companies must use MFA (two-factor authentication) when connecting.

7. EDR monitoring is installed on all information equipment.