Security PolicyPrint
“TAIWAN FOUNDATION for Democracy Website” (hereinafter “the Website”) specifically complies with the “The Regulation on Electronic Processing of Personal Data Protection”, for the protection of the Website’s data and your own, and implements the following Website Security Policy to state the Website’s security practices.
1. The Scope of the Policy
The following Website Security Policy is applicable to the collection, utilization, and protection of personal data when you are browsing the Website; however, it is not applicable to the other websites that are linked therefrom. When one follows links to other websites, the website security policies of that website apply.
2. The Control of Data Access
System data access and authorization requirements shall be implemented; written, electronic, or other means of notification shall be established to inform the staff and the users of the permissions and responsibilities of the site.
The authorization privileges for various data resources shall be immediately cancelled for staff who have resigned or have been terminated; this shall be regarded as the mandatory procedure for employment termination and resignation. For any adjustment or alteration of staff duty, authorization shall be adjusted within a certain period time according to the data access privileges of the new position.
A user registration management system shall be established to strengthen user password management. User passwords, in principle, shall not be used for a period longer than six months.
When system service vendors remotely log into the system for maintenance, security control measures shall be enhanced. A relevant roster shall be created for personnel with such responsibility.
An auditing system for data security shall be established to periodically or randomly execute data security audits.
3. The Website Security Procedures and Rules
At the points connecting to external networks, a firewall will be established to control data transfer and source access between the external and internal network and an identification process will be strictly enforced.
In order to identify unauthorized intentional intruders trying to upload or modify website information, an Internet intrusion detection system will be utilized to monitor the flow of network traffic.
The Internet data transmission cannot guarantee 100 percent security; the Website will strive to protect the personal data of the Website and your own. In certain situations, a standard SSL security system will be utilized to ensure data transmission security. However, the data transmission process is influenced by your own Internet surfing environment. As we cannot guarantee the security of the data transmission from this Website, you must pay attention to and assume the risks involved in Internet data transmission. Please understand that any consequence resulting from this is beyond the Website’s control.
4. The security management of the firewall
- A firewall will be established as a network relay server (such as Proxy Server) that provides the transport and control of Internet, services such as Telnet, FTP, and WWW.
- The office’s firewall system software will frequently update its version to be able to respond to a variety of network attacks.