
National Library of Public Information


Security Policy

Purpose

The purpose of this Security Policy is to ensure the confidentiality, integrity, and availability of the information assets of the National Library of Public Information (hereinafter referred to as "the Library"). This Policy is established to comply with applicable laws and regulations, protect information assets against internal and external threats—whether intentional or accidental—and support the Library's operational requirements.

Policy Statement

The Library is committed to maintaining the security of its computer facilities, information systems, and network infrastructure to prevent unauthorized use, disclosure, alteration, damage, or loss of information assets resulting from human error, malicious activities, or natural disasters, thereby ensuring the continuity of Library operations and protecting the rights and interests of the public.

Scope

  • This Policy applies to all personnel within the scope of the Library's Information Security Management System (ISMS), including employees, outsourced service providers, contractors, and visitors.
  • The Library's Information Security Management System covers the following fourteen security domains to minimize risks arising from human error, malicious actions, or natural disasters:
    • Information Security Policy
    • Organization of Information Security
    • Human Resource Security
    • Asset Management
    • Access Control
    • Cryptography
    • Physical and Environmental Security
    • Operations Security
    • Communications Security
    • System Acquisition, Development and Maintenance
    • Supplier Relationships
    • Information Security Incident Management
    • Information Security Aspects of Business Continuity Management
    • Compliance

Objectives

To safeguard the confidentiality, integrity, and availability of information assets within the scope of certification and to protect users' personal information, the Library is committed to achieving the following objectives through the collective efforts of all personnel:

  • No incidents involving the leakage of confidential or higher-classified information each year.
  • No incidents involving unauthorized alteration of information each year.
  • Maintain an annual availability rate of at least 96% for critical information systems and computer room operation services.
  • Ensure that interruptions to critical services caused by cybersecurity incidents, system failures, or other security events do not exceed six (6) occurrences per year.
  • Ensure that each service interruption resulting from cybersecurity incidents, system failures, or other security events does not exceed eight (8) hours.

Responsibilities and Awareness

  • An Information Security Organization shall be established to oversee and coordinate the implementation of information security management.
  • Management shall actively participate in and support the Information Security Management System (ISMS) and implement this Policy through appropriate standards, procedures, and management practices.
  • All personnel, outsourced service providers, contractors, and visitors within the scope of this Policy shall comply with its requirements.
  • All personnel and outsourced service providers are responsible for reporting information security incidents or vulnerabilities through established reporting procedures.
  • Any act that compromises information security may result in civil, criminal, or administrative liability, as well as disciplinary actions in accordance with applicable laws and the Library's internal regulations.
  • This Policy shall be communicated annually to all Library personnel through security awareness training, internal meetings, email notifications, announcements, or other appropriate means. The effectiveness of such communication shall also be reviewed.
  • The Library shall annually communicate its information security policy and objectives to relevant interested parties, such as IT service providers and organizations connected to the Library's information systems, and evaluate the effectiveness of such communication.

Review

To ensure the continuing suitability, adequacy, effectiveness, and security of the Information Security Management System (ISMS), this Policy and related information security requirements shall be reviewed at least once each year, or whenever necessary, in response to changes in business operations, technological developments, risk assessment results, government information security requirements, applicable laws and regulations, or other significant operational changes.

Implementation

This Policy shall become effective upon approval by the Information Security Committee of the National Library of Public Information. Any amendments to this Policy shall follow the same approval procedure.
