| |
| I. |
Scope |
| |
IEI Integration Corp. (IEI) develops the Information Security Policy to strengthen information security management and ensure the confidentiality, availability and implementation of IEI information assets in order to provide a information environment for information business continuity. The policy complies with the relevant regulation requirements and prevent the deliberate or accidental threats from inside or outside of the company.
Established the policy by the top management, executed by the effective operation of the system, contains the continuous improvement process to prevent nonconformities in order to achieve information security purposes.
|
| II. |
Applicable Areas |
| |
IEI establishes the Information Security Management System (ISMS) in accordance with the concerns of "internal and external stakeholders." and the relevant government regulation requirements. To ensure confidentiality, availability and implementation of the information, the ISMS is designed to be used in the security management of operation of Server Room and Development, maintenance, update and version control of ERP、MES, EDI, Software Store , Online Shop, License Manager system.
The ISMS is already able to acquire information about the operation and management processes and meet all safety requirements and expectations. The ISMS covers fourteen management matters to prevent data misuse, leakage, tampering and destruction due to human error, deliberate revealing, natural disasters or other factors, resulting in possible risks and hazards to IEI. Management matters include:
1. Information security policy
2. Organization of information security
3. Human resource security
4. Asset management
5. Access control
6. Encryption
7. Physical and environmental security
8. Operation security
9. Communication security
10. System acquisition, development and maintenance
11. Supplier relationship
12. Information security incident management
13. Information security aspects of business continuity management
14. Compliance
|
| III. |
Definitions |
| |
3.1 Information Asset: the hardwares, softwares, services, documents and people that maintain IEI information business operation.
3.2 Information environment for business continuity management: the computer operating environment that maintain IEI business operation.
|
| IV. |
Objectives |
| |
Maintain the confidentiality, integrity and availability of IEI information assets, and protect user data privacy. With the concerted efforts of all colleagues to accomplish the following objectives:
4.1 Protect IEI's business activity information from unauthorized access.
4.2 Protect IEI's business activity information from unauthorized modifications, and ensure the information is correct and complete.
4.3 Establish an inter-departmental information security organizations to develop, promote, implement, evaluate and improve the information security management, and to ensure that IEI has an information environment for business continuity.
4.4 Implement information security education and training, promote staff awareness, and enhance their knowledge on related responsibilities.
4.5 Implement information security risk assessment to improve the effectiveness and timeliness of information security management.
4.6 Implement information security internal audit system to ensure the implementation of information security management.
4.7 Business activities of IEI shall comply with the requirements of the relevant act or regulations.
|
| V. |
Responsibility |
| |
5.1 IEI managers establish and review this policy.
5.2 IEI information security administrators implement this policy through appropriate standards and procedures.
5.3 All staff and outsourcing vendors are required to follow the relevant safety management procedures to meet the information security policy requirements.
5.4 All staff have a responsibility to report any information security incidents and identified vulnerabilities.
5.5 Penalties will be imposed on any behaviors endangering the information security depending on the seriousness of the investigation under the civil, criminal and administrative liability regulations or under the Company’s regulations. |
| |
|
| |
IEI has introduced ISO 27001 information management system and regularly obtains ISO 27001 certification. Certificate link |
| |
Version 1.5 |
|
