National Tax Administration, Southern Taiwan
Province Information Safety Policy
Amended on: 9 August 2006
Purpose
This information security policy is established to strengthen information security management at the National Tax Administration of Southern Taiwan Province (NTAS), to ensure the safety of tax data, systems and facilities, and to provide reliable information services.
Basis
This policy is based on "The Information Security Management Practices of the Ministry of Finance and Affiliated Organizations (Institutions)", promulgated by the Ministry of Finance on 24 June 2002 under Decree No. 91895856.
Definition of Information Security
Information security is the application of management procedures and protection technology to ensure the safety of data collection, processing, transfer, storage and communication. When carrying out information work, the safety of the related information systems must also be ensured, including the software involved, facilities, files, storage media and every kind of report produced by printer.
Objective of Information Security
Ensuring the confidentiality and privacy of tax data, and preventing unauthorized access to them.
The number of unauthorized accesses should not exceed 0.
Ensuring the availability, integrity and non-repudiation of information assets.
Service halts caused by information security events should not exceed 3 times per half year, and none should last longer than 12 hours.
Ensuring the efficiency and continuity of information service operation.
An "Information Service Operation Continuity Plan" rehearsal is performed at least once every half year, and all scenarios are exercised within two years.
Ensuring information security awareness among all staff.
Each person should receive at least 4 hours of information security awareness education or training.
Ensuring regulatory compliance of information security measures.
An internal audit is performed at least once every half year; if affiliated institutions are audited on a random basis, all of them should be audited within 2 years.
Extent of Information Security
Information security responsibility and separation of duties.
Human resource management and information security awareness and training.
Information system security management.
Network security management.
Access control management.
Information system acquisition, development and
maintenance.
Information asset management.
Physical and environmental security management.
Business continuity management.
Information security audit.
Information security incident management.
Organization of Information Security
An "Information Security Task Force" (ISTF) is established, convened by the deputy commissioner, with members appointed by every division and office. The ISTF is responsible for composing and regularly reviewing this policy, and for coordinating and discussing information security plans and resource allocation.
Under the ISTF are the "Information Security Task Group" (ISTG) and the "Information Security Audit Group" (ISAG). The ISTG handles the supporting work of the ISTF and is convened by the Information Management Division. The ISAG is in charge of information security internal audits.
Principle of Information Security Delegation
Discussion of information security policies, plans, measures and technical specifications, research on security technology, and implementation and assessment are handled by the Data Gathering & Electronic Data Processing Division.
When carrying out information work, personnel should comply with the "Tax Collection Act", the "Computer-Processed Personal Data Protection Law", other related regulations and every procedure composed by NTAS.
Technical information security training is held by the Data Gathering & Electronic Data Processing Division; business-related information security training is held by the Government Ethics Office and the associated divisions and offices.
Business units are responsible for the discussion, control, management and protection of the security requirements of their data and information systems.
The Data Gathering & Electronic Data Processing Division and the Government Ethics Office are in charge of information security internal audits.
Personnel security assessment is held by the Government Ethics Office.
When the information and network systems of NTAS are damaged or improperly used and serious damage results, it should be mitigated by following the "Information Security Emergency Response Procedure". The ISTG should take countermeasures as soon as possible and preserve the audit trail.
When NTAS personnel violate information security regulations, they should be dealt with according to the "Ministry of Finance Tax Affairs Personnel Rewards and Punishment Table". Anyone who violates the "Official Disciplinary Punishment Act" should be dealt with under Article 19 of that act; anyone suspected of an offence under the "Criminal Law" should be transferred to the judicial organ for investigation; anyone involved in a national compensation event should be dealt with under the "National Compensation Act" and other related laws to determine the corresponding responsibility. When non-NTAS personnel violate information security regulations, they should likewise be dealt with under the relevant laws to determine the individual's legal responsibility.
Information Asset Assessment
Categorization:
According to the characteristics of information work, assets are divided into 6 categories: electronic information assets, physical assets, software assets, services, documentation and people.
Grade:
The value of each kind of asset is evaluated according to its confidentiality, integrity and availability.
Assessment:
Considering each asset's own vulnerabilities, related threats and impact, assess its risk level and then apply the appropriate measures.
Risk Appetite
After risk assessment, assets are divided into different risk levels. For those that fall into the "unacceptable risk level", a risk countermeasure plan should be composed to mitigate the impact, and its progress should be tracked.
Statement of Applicability
The ISO 27001:2005 standard requires a statement of applicability as an output. It is therefore necessary to record in writing whether each control measure of the standard is applicable to the information assets, and to record the reason for any non-applicability. When the organizational framework, people, facilities or physical environment change, the ISTF should review this statement of applicability.