:::   You are here: Site Security Policy

Taipei City Childcare Resource Center (hereinafter referred to as this Site) complies with the Personal Information Protection Act and provides the site security policy as described below to protect your and this Site’s data security:

 

1. Scope of policy:
The security policy for this Site as described below applies to collection, use, and protection of personal information when you browse this Site, but does not apply to the links to other sites that are provided on this site. When you click on the links and visit other sites, the website security policies adopted by the respective websites shall apply.

 

2. Information access control
System access policy and authorization regulations are stipulated and are provided in written, electronic, or other forms to inform employees and users about their respective authorization and responsibility. Severed/suspended employees shall have their authorized access to all information resources revoked and be subject to mandatory severance/suspension procedures. System authorization shall be adjusted according to system access authorization rules period when employees are transferred or re-assigned, and this shall be done within a given time period. A system users’ registration management system is provided to enhance users’ password management. Improved security measures are taken on the system’s service providers; personnel rosters for these service providers are also compiled and related security and confidentiality responsibilities given to these personnel. An information security audit system is provided to conduct scheduled and non-scheduled information security audits.

 

3. Site security measures and guidelines
Any unauthorized upload or modification, or attempts to do so, of the services and information provided by our Department are strictly prohibited and punishable by law. For the purpose of site security and continuation of services to all online users, this Site has adopted the following security protection measures:
Firewalls are established at the nodes connecting to external networks to control data transfer and resource access between external and internal networks. Stringent identification procedures are adopted.
A network intrusion detection system is used to monitor network flow and identify any unauthorized upload attempts, modification of web information, or malicious sabotage.
Virus scan software is installed to scan for viruses on a routine basis to provide a safer browsing environment for users.
A backup system is in place to carry out necessary data/software backup and redundancy operations on a regular basis; normal operations can be quickly resumed in the case of a disaster or storage media failure.
Hacker attacks are simulated from time to time to practice system recovery procedures during security events and ensure there is adequate security defense.
Security maintenance emails from operating system or application vendors are automatically received, and recommendations from the said emails are adopted and suitable patches installed.
Security is not 100% guaranteed for data transfers over the Internet. The security of data transfers is related to the internet security of your computer, thus we are unable to guarantee the security of your data transfers to or from this Site. You are responsible for the risks associated with Internet data transfers. Please understand that any consequences arising from issues mentioned in this paragraph are beyond our control.

 

4. Data backup operation policy
As a principle, at least 3 generations of backups for critical data will be maintained. The backup data is physically protected in an ideal environment, of which security standards are comparable, if not identical, to the primary operation environment. The security control measures adopted in primary operation environments are applicable, wherever possible, in backup environments. Backup data is routinely examined to guarantee the availability of backup data.

 

5. Data recovery operation policy
Data consistency and integrity will be examined immediately before data recovery operations. Unless a major accident occurs, such as irreparable mainframe or network failure, data for this Site can be recovered to normal within 24 hours. Backup data is guaranteed to provide the latest comprehensive data that cover up to two days’ worth of data. Upon completion of data recovery, programs and databases will be operating normally. Tests on backup data should be taken routinely to guarantee availability of backup data. After the completion of data recovery operations, responsible personnel should observe the system for three days to guarantee normal operations of the system and accuracy of any newly added data.

 

6. Changes to the information security policy of this Site
As technology is advancing rapidly, it is difficult for applicable laws to keep up with advancements, and environmental changes in the future are also hard to foresee. Thus, this Site will change its information security policy as needed to fulfill the intention of good practice in network security. Upon completion of any change regarding information security policy at this Site, we will immediately announce it on this Site, using highlighted titles to prompt you to click on the links for more information.

 

7. Should you have any doubts or comments regarding the articles listed above, please contact us using the contact methods provided hereto.