KMU Information Securiy Policy - 修訂歷史

Cch在2025年3月6日 (四) 02:50

2025-03-06T02:50:33Z

←上一修訂		在2025年3月6日 (四) 02:50所做的修訂版本
第1行：		第1行：
-	~~<pre>~~	+	Please Reference
-	~~Kaohsiung Medical University Information Security Policy~~	+

-	~~Document No~~. ~~IS-A-001~~	+	[https://olis.kmu.edu.tw/index.php/zh-tw/%E9%97%9C%E6%96%BC%E6%9C%AC%E8%99%95/%E8%B3%87%E5%AE%89%EF%BC%8F%E5%80%8B%E8%B3%87%EF%BC%8F%E6%99%BA%E8%B2%A1/%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E6%94%BF%E7%AD%96 資訊安全政策]
-		+
-	~~Confidentiality level general~~	+
-		+
-	~~Revision 1~~.3	+
-		+
-	1. ~~OBJECTIVE~~	+

-	~~The set of policies aimed at ensuring Kaohsiung Medical University (hereinafter referred to as the school)~~	+	[https://olis.kmu.edu.tw/index.php/zh-tw/%E9%97%9C%E6%96%BC%E6%9C%AC%E8%99%95/%E8%B3%87%E5%AE%89%EF%BC%8F%E5%80%8B%E8%B3%87%EF%BC%8F%E6%99%BA%E8%B2%A1/%E5%80%8B%E4%BA%BA%E8%B3%87%E6%96%99%E4%BF%9D%E8%AD%B7%E7%AE%A1%E7%90%86%E6%94%BF%E7%AD%96 個人資料保護管理政策]
-	~~belongs information assets confidentiality, integrity and availability, and comply with the requirements of~~	+
-	~~relevant laws and regulations, harmless from internal and external threat of deliberate or accidental~~ .	+

-	~~2. SCOPE~~	+	[https://olis.kmu.edu.tw/index.php/zh-tw/%E9%97%9C%E6%96%BC%E6%9C%AC%E8%99%95/%E8%B3%87%E5%AE%89%EF%BC%8F%E5%80%8B%E8%B3%87%EF%BC%8F%E6%99%BA%E8%B2%A1/%E9%9A%B1%E7%A7%81%E6%AC%8A%E6%94%BF%E7%AD%96 隱私權政策]
-		+
-	~~Information security management covers 11 management issues, to avoid human error, deliberate or natural~~	+
-	~~disasters and other factors, resulting information is not When using, leakage, tampering, destruction,~~	+
-	~~violations occur, our school has brought a variety of possible risks and hazards. Management issues are as~~	+
-	~~follows~~:	+
-		+
-	2.~~1 Information security policy setting and evaluation~~	+
-	2.~~2 Information security organization~~	+
-	2.~~3 Information asset classification and control~~	+
-	2.~~4 Safety of personnel management and training~~	+
-	~~2.5 Physical and environmental security~~	+
-	~~2.6 Communication and job security management~~	+
-	~~2.7 Access control security~~	+
-	~~2.8 Safety system development and maintenance~~	+
-	~~2.9 Information security incident response and handling~~	+
-	~~2.10 Business continuity operations management~~	+
-	~~2.11 Regulations and compliance policy implementation units~~	+
-		+
-	~~Our school internal staff, outsourcing vendors and visitors and should comply with this policy.~~	+
-		+
-	~~3. TARGET~~	+
-		+
-	~~Our school colleagues should maintain the confidentiality, integrity and availability of our information~~	+
-	~~assets and protect user data privacy to achieve the following targets:~~	+
-		+
-	~~3.1 Protection of our business activities information from unauthorized access.~~	+
-	~~3.2 Protection of our business activities information from unauthorized modifications to ensure that it is~~	+
-	~~correct and complete.~~	+
-	~~3.3 IT business continuity establish operational plans to ensure the continued operation of our business~~	+
-	~~activities.~~	+
-	~~3.4 School's activities shall comply with the implementation of the requirements of relevant laws or~~	+
-	~~regulations.~~	+
-		+
-	~~4. RESPONSIBILIEY~~	+
-		+
-	~~4.1 School's management to establish and review this policy.~~	+
-	~~4.2 Information security managers through appropriate standards and procedures to implement this policy.~~	+
-	~~4.3 All personnel and outsourcing services vendors are required in accordance with relevant safety management~~	+
-	~~procedures to maintain information security policies.~~	+
-	~~4.4 All officers are responsible for reporting information security incidents and of any identified weaknesses.~~	+
-	~~4.5 Any compromise information security behavior , depending on the seriousness will pursue its legal~~	+
-	~~responsibility and administrative responsibility according to the school or the relevant provisions of~~	+
-	~~punishment .~~	+
-		+
-	~~5. REVIEW~~	+
-		+
-	~~This policy should be reviewed at least annually once only , to reflect the government decree , the latest~~	+
-	~~technology and business development status , to ensure that the school forever Continued operation of network~~	+
-	~~services and the provision of academic ability .~~	+
-		+
-	~~6. IMPLEMENTATION~~	+
-		+
-	~~6.1 Information security policy management review meetings with the information security policy audits.~~	+
-	~~6.2 This policy will be "Information Security Committee" after the implementation of the resolutions ,~~	+
-	~~amendments are made.~~	+
-		+
-	</~~pre>~~	+
-		+
-	~~[[Image: KMU~~-~~EDU-ISMS-Cert2013.jpg]~~]	+

Cch在2013年11月29日 (五) 01:12

2013-11-29T01:12:58Z

←上一修訂		在2013年11月29日 (五) 01:12所做的修訂版本
第33行：		第33行：
	2.11 Regulations and compliance policy implementation units		2.11 Regulations and compliance policy implementation units

-	Our school 's internal staff, outsourcing vendors and visitors and should comply with this policy.	+	Our school internal staff, outsourcing vendors and visitors and should comply with this policy.

	3. TARGET		3. TARGET

-	~~School~~ colleagues should maintain the confidentiality, integrity and availability of our information	+	Our school colleagues should maintain the confidentiality, integrity and availability of our information
	assets and protect user data privacy to achieve the following targets:		assets and protect user data privacy to achieve the following targets:

Cch在2013年11月29日 (五) 01:11

2013-11-29T01:11:30Z

←上一修訂		在2013年11月29日 (五) 01:11所做的修訂版本
第37行：		第37行：
	3. TARGET		3. TARGET

-	~~Maintain~~ the confidentiality of our information assets ~~, integrity and availability ,~~ and protect	+	School colleagues should maintain the confidentiality, integrity and availability of our information
-	user data privacy~~. With all my colleagues in common Efforts~~ to achieve the following ~~objectives~~:	+	assets and protect user data privacy to achieve the following targets:

	3.1 Protection of our business activities information from unauthorized access.		3.1 Protection of our business activities information from unauthorized access.
第45行：		第45行：
	3.3 IT business continuity establish operational plans to ensure the continued operation of our business		3.3 IT business continuity establish operational plans to ensure the continued operation of our business
	activities.		activities.
-	3.4 School 's activities shall comply with the implementation of the requirements of relevant laws or	+	3.4 School's activities shall comply with the implementation of the requirements of relevant laws or
	regulations.		regulations.

Cch在2013年11月29日 (五) 01:07

2013-11-29T01:07:38Z

←上一修訂		在2013年11月29日 (五) 01:07所做的修訂版本
第1行：		第1行：
	<pre>		<pre>
-	~~'''~~ Kaohsiung Medical University Information Security Policy ~~'''~~	+	Kaohsiung Medical University Information Security Policy

	Document No. IS-A-001		Document No. IS-A-001
第24行：		第24行：
	2.2 Information security organization		2.2 Information security organization
	2.3 Information asset classification and control		2.3 Information asset classification and control
-	2.4 Safety of personnel management and training ~~. ===~~	+	2.4 Safety of personnel management and training
-	2.5 Physical and environmental security~~. ===~~	+	2.5 Physical and environmental security
-	2.6 Communication and job security management~~. ===~~	+	2.6 Communication and job security management
-	2.7 Access control security ~~. ===~~	+	2.7 Access control security
-	2.8 Safety system development and maintenance ~~. ===~~	+	2.8 Safety system development and maintenance
-	2.9 Information security incident response and handling.	+	2.9 Information security incident response and handling
-	2.10 Business continuity operations management ~~. ===~~	+	2.10 Business continuity operations management
-	2.11 Regulations and compliance policy implementation units ~~. ===~~	+	2.11 Regulations and compliance policy implementation units

-	Our school 's internal staff, outsourcing vendors and visitors and should comply with this policy .	+	Our school 's internal staff, outsourcing vendors and visitors and should comply with this policy.

	3. TARGET		3. TARGET
第40行：		第40行：
	user data privacy. With all my colleagues in common Efforts to achieve the following objectives:		user data privacy. With all my colleagues in common Efforts to achieve the following objectives:

-	3.1 Protection of our business activities information from unauthorized access . ~~===~~	+	3.1 Protection of our business activities information from unauthorized access.
-	3.2 Protection of our business activities information from unauthorized modifications to ensure that it is correct and complete . ~~===~~	+	3.2 Protection of our business activities information from unauthorized modifications to ensure that it is
-	3.3 IT business continuity establish operational plans to ensure the continued operation of our business activities . ~~===~~	+	correct and complete.
-	3.4 School 's activities shall comply with the implementation of the requirements of relevant laws or regulations . ~~===~~	+	3.3 IT business continuity establish operational plans to ensure the continued operation of our business
		+	activities.
		+	3.4 School 's activities shall comply with the implementation of the requirements of relevant laws or
		+	regulations.

	4. RESPONSIBILIEY		4. RESPONSIBILIEY

-	4.1 School's management to establish and review this policy. ~~===~~	+	4.1 School's management to establish and review this policy.
-	4.2 Information security managers through appropriate standards and procedures to implement this policy. ~~===~~	+	4.2 Information security managers through appropriate standards and procedures to implement this policy.
-	4.3 All personnel and outsourcing services vendors are required in accordance with relevant safety management procedures to maintain information security policies. ~~===~~	+	4.3 All personnel and outsourcing services vendors are required in accordance with relevant safety management
-	4.4 All officers are responsible for reporting information security incidents and of any identified weaknesses. ~~===~~	+	procedures to maintain information security policies.
-	4.5 Any compromise information security behavior , depending on the seriousness will pursue its legal responsibility and administrative responsibility according to the school or the relevant provisions of punishment . ~~===~~	+	4.4 All officers are responsible for reporting information security incidents and of any identified weaknesses.
		+	4.5 Any compromise information security behavior , depending on the seriousness will pursue its legal
		+	responsibility and administrative responsibility according to the school or the relevant provisions of
		+	punishment .

	5. REVIEW		5. REVIEW

-	This policy should be reviewed at least annually once only , to reflect the government decree , the latest technology and business development status , to ensure that the school forever	+	This policy should be reviewed at least annually once only , to reflect the government decree , the latest
-	Continued operation of network services and the provision of academic ability .	+	technology and business development status , to ensure that the school forever Continued operation of network
		+	services and the provision of academic ability .

	6. IMPLEMENTATION		6. IMPLEMENTATION

-	6.1 Information security policy management review meetings with the information security policy audits. ~~===~~	+	6.1 Information security policy management review meetings with the information security policy audits.
-	6.2 This policy will be "Information Security Committee" after the implementation of the resolutions , amendments are made. ~~===~~	+	6.2 This policy will be "Information Security Committee" after the implementation of the resolutions ,
		+	amendments are made.

	</pre>		</pre>

	[[Image: KMU-EDU-ISMS-Cert2013.jpg]]		[[Image: KMU-EDU-ISMS-Cert2013.jpg]]

Cch在2013年11月29日 (五) 00:57

2013-11-29T00:57:10Z

←上一修訂		在2013年11月29日 (五) 00:57所做的修訂版本
第1行：		第1行：
		+	<pre>
	''' Kaohsiung Medical University Information Security Policy '''		''' Kaohsiung Medical University Information Security Policy '''

第7行：		第8行：
	Revision 1.3		Revision 1.3

-	~~==Objective==~~	+	1. OBJECTIVE
-	~~The set of policies aimed at ensuring Kaohsiung Medical University (hereinafter referred to as the school) belongs information assets confidentiality, integrity~~	+
-	~~and availability, and comply with the requirements of relevant laws and regulations, harmless from internal and external threat of deliberate or accidental~~ .	+

-	~~==Scope==~~	+	The set of policies aimed at ensuring Kaohsiung Medical University (hereinafter referred to as the school)
-	Information security management covers 11 management issues, to avoid human error, deliberate or natural disasters and other factors, resulting information is not	+	belongs information assets confidentiality, integrity and availability, and comply with the requirements of
-	When using, leakage, tampering, destruction, violations occur, our school has brought a variety of possible risks and hazards. Management issues are as follows:	+	relevant laws and regulations, harmless from internal and external threat of deliberate or accidental .
		+
		+	2. SCOPE
		+
		+	Information security management covers 11 management issues, to avoid human error, deliberate or natural
		+	disasters and other factors, resulting information is not When using, leakage, tampering, destruction,
		+	violations occur, our school has brought a variety of possible risks and hazards. Management issues are as
		+	follows:

-	~~===~~ Information security policy setting and evaluation. ~~===~~	+	2.1 Information security policy setting and evaluation
-	~~===~~ Information security organization . ~~===~~	+	2.2 Information security organization
-	~~===~~ Information asset classification and control . ~~===~~	+	2.3 Information asset classification and control
-	~~===~~ Safety of personnel management and training . ===	+	2.4 Safety of personnel management and training . ===
-	~~===~~ Physical and environmental security. ===	+	2.5 Physical and environmental security. ===
-	~~===~~ Communication and job security management. ===	+	2.6 Communication and job security management. ===
-	~~===~~ Access control security . ===	+	2.7 Access control security . ===
-	~~===~~ Safety system development and maintenance . ===	+	2.8 Safety system development and maintenance . ===
-	~~===~~ Information security incident response and handling.~~===~~	+	2.9 Information security incident response and handling.
-	~~===~~ Business continuity operations management . ===	+	2.10 Business continuity operations management . ===
-	~~===~~ Regulations and compliance policy implementation units . ===	+	2.11 Regulations and compliance policy implementation units . ===

	Our school 's internal staff, outsourcing vendors and visitors and should comply with this policy .		Our school 's internal staff, outsourcing vendors and visitors and should comply with this policy .

-	~~==Target==~~	+	3. TARGET
-	Maintain the confidentiality of our information assets , integrity and availability , and protect user data privacy. With all my colleagues in common	+
-	Efforts to achieve the following objectives:	+	Maintain the confidentiality of our information assets , integrity and availability , and protect
		+	user data privacy. With all my colleagues in common Efforts to achieve the following objectives:

-	~~===~~ Protection of our business activities information from unauthorized access . ===	+	3.1 Protection of our business activities information from unauthorized access . ===
-	~~===~~ Protection of our business activities information from unauthorized modifications to ensure that it is correct and complete . ===	+	3.2 Protection of our business activities information from unauthorized modifications to ensure that it is correct and complete . ===
-	~~===~~ IT business continuity establish operational plans to ensure the continued operation of our business activities . ===	+	3.3 IT business continuity establish operational plans to ensure the continued operation of our business activities . ===
-	~~===~~ School 's activities shall comply with the implementation of the requirements of relevant laws or regulations . ===	+	3.4 School 's activities shall comply with the implementation of the requirements of relevant laws or regulations . ===

-	~~==Responsibility==~~	+	4. RESPONSIBILIEY
-	~~=== School's management to establish and review this policy~~. ~~===~~	+
-	~~=== Information security managers through appropriate standards and procedures to implement this policy. ===~~	+
-	~~=== All personnel and outsourcing services vendors are required in accordance with relevant safety management procedures to maintain information security policies. ===~~	+
-	~~=== All officers are responsible for reporting information security incidents and of any identified weaknesses. ===~~	+
-	=== Any compromise information security behavior , depending on the seriousness will pursue its legal responsibility and administrative responsibility according to the school or the relevant provisions of punishment . ===	+

-	==~~Review~~==	+	4.1 School's management to establish and review this policy. ===
		+	4.2 Information security managers through appropriate standards and procedures to implement this policy. ===
		+	4.3 All personnel and outsourcing services vendors are required in accordance with relevant safety management procedures to maintain information security policies. ===
		+	4.4 All officers are responsible for reporting information security incidents and of any identified weaknesses. ===
		+	4.5 Any compromise information security behavior , depending on the seriousness will pursue its legal responsibility and administrative responsibility according to the school or the relevant provisions of punishment . ===
		+
		+	5. REVIEW
		+
	This policy should be reviewed at least annually once only , to reflect the government decree , the latest technology and business development status , to ensure that the school forever		This policy should be reviewed at least annually once only , to reflect the government decree , the latest technology and business development status , to ensure that the school forever
	Continued operation of network services and the provision of academic ability .		Continued operation of network services and the provision of academic ability .

-	~~==Implementation==~~	+	6. IMPLEMENTATION
-	~~===~~ Information security policy management review meetings with the information security policy audits. ===	+
-	~~===~~ This policy will be "Information Security Committee" after the implementation of the resolutions , amendments are made. ===	+	6.1 Information security policy management review meetings with the information security policy audits. ===
		+	6.2 This policy will be "Information Security Committee" after the implementation of the resolutions , amendments are made. ===
		+
		+	</pre>

	[[Image: KMU-EDU-ISMS-Cert2013.jpg]]		[[Image: KMU-EDU-ISMS-Cert2013.jpg]]

Cch在2013年11月20日 (三) 03:04

2013-11-20T03:04:50Z

←上一修訂		在2013年11月20日 (三) 03:04所做的修訂版本
第23行：		第23行：
	=== Access control security . ===		=== Access control security . ===
	=== Safety system development and maintenance . ===		=== Safety system development and maintenance . ===
-	=== Information security incident response and handling of . ===	+	=== Information security incident response and handling.===
	=== Business continuity operations management . ===		=== Business continuity operations management . ===
	=== Regulations and compliance policy implementation units . ===		=== Regulations and compliance policy implementation units . ===

Cch: 新頁面: ''' Kaohsiung Medical University Information Security Policy ''' Document No. IS-A-001 Confidentiality level general Revision 1.3 ==Objective== The set ...

2013-11-20T03:00:12Z

新頁面: ''' Kaohsiung Medical University Information Security Policy ''' Document No. IS-A-001 Confidentiality level general Revision 1.3 ==Objective== The set ...

新頁面

''' Kaohsiung Medical University Information Security Policy '''

Document No. IS-A-001

Confidentiality level general

Revision 1.3

==Objective==
The set of policies aimed at ensuring Kaohsiung Medical University (hereinafter referred to as the school) belongs information assets confidentiality, integrity
and availability, and comply with the requirements of relevant laws and regulations, harmless from internal and external threat of deliberate or accidental .

==Scope==
Information security management covers 11 management issues, to avoid human error, deliberate or natural disasters and other factors, resulting information is not
When using, leakage, tampering, destruction, violations occur, our school has brought a variety of possible risks and hazards. Management issues are as follows:

=== Information security policy setting and evaluation. ===
=== Information security organization . ===
=== Information asset classification and control . ===
=== Safety of personnel management and training . ===
=== Physical and environmental security. ===
=== Communication and job security management. ===
=== Access control security . ===
=== Safety system development and maintenance . ===
=== Information security incident response and handling of . ===
=== Business continuity operations management . ===
=== Regulations and compliance policy implementation units . ===

Our school 's internal staff, outsourcing vendors and visitors and should comply with this policy .

==Target==
Maintain the confidentiality of our information assets , integrity and availability , and protect user data privacy. With all my colleagues in common
Efforts to achieve the following objectives:

=== Protection of our business activities information from unauthorized access . ===
=== Protection of our business activities information from unauthorized modifications to ensure that it is correct and complete . ===
=== IT business continuity establish operational plans to ensure the continued operation of our business activities . ===
=== School 's activities shall comply with the implementation of the requirements of relevant laws or regulations . ===

==Responsibility==
=== School's management to establish and review this policy. ===
=== Information security managers through appropriate standards and procedures to implement this policy. ===
=== All personnel and outsourcing services vendors are required in accordance with relevant safety management procedures to maintain information security policies. ===
=== All officers are responsible for reporting information security incidents and of any identified weaknesses. ===
=== Any compromise information security behavior , depending on the seriousness will pursue its legal responsibility and administrative responsibility according to the school or the relevant provisions of punishment . ===

==Review==
This policy should be reviewed at least annually once only , to reflect the government decree , the latest technology and business development status , to ensure that the school forever
Continued operation of network services and the provision of academic ability .

==Implementation==
=== Information security policy management review meetings with the information security policy audits. ===
=== This policy will be "Information Security Committee" after the implementation of the resolutions , amendments are made. ===

[[Image: KMU-EDU-ISMS-Cert2013.jpg]]