Kaohsiung Customs(高雄關)

Security Policy

Go TO Content

Declaration of Information Security Policy

I. Statement

The core businesses of Kaohsiung Customs (abbreviated as KHC) are Cargo Clearance Automation System and the relevant. For ensuring the security of information assets (including data, system, equipments, etc) related to the core businesses, KHC formulates Information Security Policy (hereinafter referred to as this policy), in protection against external threats and improper internal management and uses leading to data tampering, disclosure, destruction, loss, etc.

II. Conformity

This policy is based on laws, regulations, and clearance requirements, including “Executive Yuan and its Subordinates Information Security Management Point”, “Executive Yuan and its Subordinates Information Security Management Constraint”, “Ministry of Finance and its Subordinates Information Security Management Principle”, “Customs Administration, Ministry of Finance and its Subordinate Offices Information Security Management Operation Regulation”, “Customs Law”, “Data Protection Law”, etc.

III. Vision

KHC vision is to provide convenient and safe Customs clearance service.

IV. Information Security Policy

  1. Essence of information security
    The essence of information security is roughly categorized into three:
    1. Availability
      Information assets shall provide instant and correct service to fulfill requirements of the authorized users.
    2. Integrity
      Information assets shall be categorized in accordance with their importance and be protected for their integrity.
    3. Confidentiality
      Information assets shall be inaccessible to the unauthorized users.
    Based on the characteristics and visions of KHC core businesses, information security refers to the integrity, availability, and confidentiality of Cargo Clearance Automation System and its relevant information assets.
  2. Objective
    In accordance with organizational development and requirements, based on this policy, KHC establishes an integral, feasible, effective Information Security Management System (abbreviated as ISMS) under the consideration of the risk of information assets for fulfilling the expectations and requirements of KHC. The ISMS provides the best protection for KHC information security.
  3. Performance Measurement Indicators
    KHC periodically conducts a statistical survey on the performance measurement as a basis of the assessment of ISMS. In order to meet the requirements, here are indicators:
  1. Cargo Clearance Automation System shall be ensured for 99 percent of the availability every year.
  2. Information security events shall happen less than three times every half year.
  3. Information security measurement and regulations shall conform with the existing laws. (Information audit shall be conducted at least once every season.)
  4. Feasibility of sustainable management plans shall be maintained and tested (be tested at least once every half year).
  5. Information assets shall be appropriately safeguarded with the internal controls and against the unauthorized illicit accesses. (User permission shall be checked at least once every year.)
  6. Personnel shall be provided with information security training in accordance with the job and responsibility (at least once every year).

V. Scope

This policy is suitable for all personnel (including maintenance and technical workers, contract employees, and student workers), contractors, outsourcing contractors, and all relevant information assets of KHC.

VI. Responsibility Assignment

  1. Every chief director from KHC departments (offices and branches) shall actively participate in ISMS activities in support of the ISMS.
  2. “Information Security Handling Group” is responsible for the maintenance and fulfillment of the KHC information security. The group's responsibilities are defined in the KHC documentation, “Responsibilities and Arrangement Procedure of Information Security Organization”.
  3. KHC departments (offices and branches) shall follow the proper procedure and fulfill the requirements of this policy.
  4. All personnel, contractors, and outsourcing contractors shall follow this policy.
  5. The above-mentioned staff shall follow proper procedure to report information security incidents and suspicious information security flaws.

VII. Risk Assessment and Management

In order to achieve the vision and goal of this policy, KHC establishes “Risk Assessment and Management Procedure” to manage information assets and to lower their risks to an acceptable level.

VIII. Information Security Policy Compliance

  1. Corresponding punishment or legal action will be pursued against the personnel, contractor, or outsourcing contractor, who doesn't follow this policy, the relevant information security regulations or is involved in any behavior threatening to KHC information security. The award will be presented to those who provide suggestions for improvement on information security regulations or techniques with proven success.
  2. All personnel shall sign “Confidential Agreement on Customs Personnel Information Security” and understand that information, which belongs to KHC if it's acquired during the work, shall be banned from the unauthorized uses.

VIIII. Revision of Information Security Policy

This policy shall be assessed to ensure the effectiveness of information security practice at least once every year for reflecting present government regulations, techniques, businesses, etc. Information Management Office

TEL:(07)5628459

  • Date:2015-11-16
Go TO Content