Systemweb Technologies has implemented Information Security Management System (ISMS) policies.
Part 1. Purpose
Systemweb Technologies Co., Ltd. (hereinafter referred to as "the Company") is committed to ensuring the security of information data, systems, equipment, and network communications. We aim to effectively reduce the risks associated with human error, intentional acts, or natural disasters, which may lead to theft, improper use, leakage, alteration, or damage to information assets. In addition, we are dedicated to establishing an information security management system. To achieve these objectives, we have formulated this Information Security Policy (hereinafter referred to as "the Policy") to safeguard the confidentiality, integrity, and availability of information.
Part 2. In accordance with
ISO/IEC 27001:2013 (Information technology – Security techniques – Information security management systems – Requirements)。
Part 3. Content
Establish an organizational information security implementation team responsible for promoting information security initiatives.
Evaluate the appointment and assignment of personnel, and establish control and manpower backup systems for employees who resign, take leave, are suspended, or change positions. Additionally, conduct regular information security education and awareness programs to enhance personnel's awareness and competence in information security.
Establish an information asset storage system to effectively allocate, utilize, and manage information resources.
Consider protective measures and anti-theft design for buildings, and implement enhanced security measures for critical facilities and special locations.
Enhance computer network defense technology to promptly block external intrusion and disruption attempts.
Assess the security levels of information assets and grant appropriate access permissions to relevant personnel.
Establish a control system for the addition or modification of computer systems, and maintain comprehensive records for auditing purposes.
Establish an information emergency response mechanism and a business continuity exercise plan, and conduct regular drills, tests, and record the results.
Implement an information security audit system, conducting regular or ad-hoc audits of various computer systems, and strictly prohibit the deletion or modification of any audit records files.
Comply with relevant operational guidelines issued by regulatory authorities and timely update information regulations to ensure legal compliance.
Part 4. Amend and announce
This policy shall be reviewed regularly by the "Information Security Implementation Team" on an annual basis, and it shall be appropriately amended in response to changes in organization, business operations, regulations, or physical environments, among other factors. The policy shall be officially published and implemented following approval by the convening authority, and the same process shall apply when amendments are made.
