Jump to main content
Favorite Keywords Search:Aviation safetyPublic ServicesAbout CAA
menu

search

Information Security Policy

Personal Information Collection and Use

  • Personal information will be used only for specific purposes related to the service we provide and will not be disclosed to any third party in accordance with the Computer-Processed Personal Information Law and other related regulations.
  • When you use our website, we automatically collect the following information: date and time, the webpage you request, URL you are on, browser type, any action (such as downloads, etc) whether that action was successful or not. This information will help us improve the efficiency of our website.
  • We may monitor any action which produces excessive traffic to our website.

Confidentiality Security and Training

  • For employees who deal with sensitive and confidential information, and for those who are entitled to manage systems because of job requirements, a clear division of jobs in order to disperse rights and duties should be arranged, and evaluation and examination systems should be established, as well as mutual support systems.
  • For employees who resign, ask for leave, or are suspended from duties, all related matters must follow relevant procedures and all system authorization must be cancelled immediately.
  • Education and training for information security based on the position and occupational ability of employees should be conducted depending on the actual situation in order to make employees understand the importance of possible risks, and enhance awareness to conform to relevant regulations.

Information Security Procedure and Protection

  • We have operating procedures for information security issues, and will impose the necessary responsibility on employees concerned in order to tackle these matters promptly and efficiently.
  • We have an alert system for changes in the management of information facilities and systems to avoid security loopholes.
  • We process and protect personal information in accordance with related provisions of the Computer-Process Personal Information Law.
  • We carry system backup facilities, and periodically update/back-up necessary data and software in order to be able to promptly restore all data in case of damage or media failure.

Management of Internet Security

  • We have established firewalls to monitor data transmission and resource access between external and internal network links, and conduct identity-recognition operations.
  • Any confidential and sensitive information or documentation is neither stored in an open system nor delivered by e-mail.
  • We periodically examine and inspect internal networks for information security, the latest virus codes and other security issues.

System Access Control Management

  • We have set up password issuance and change procedures depending on operation systems and security management requirements, and record it accordingly.
  • The information center management staff should assign authorization accounts and passwords for employees to log in to each system according to their staff level, and update them regularly.
Last updated: 2019/01/03 15:09
TOP