隱私權及資訊安全政策宣告/ Privacy and Information Security Policy Declaration

國立陽明交通大學食品安全及健康風險評估研究所網站(以下簡稱本網站)非常重視網站使用者的個人隱私權與資訊安全保障,因此制訂了隱私權暨資訊安全政策。 請詳細閱讀以下本所隱私權暨資訊安全政策,本政策將幫助您了解,在您使用本網站以及其延伸之相關網站所提供之服務時,我們收集、運用及保護網友個人資料的政策與原則。

Welcome to the website of Institute of Food Safety and Health Risk Assessment, NYCU! To set your mind at ease as you use the services and information of this site, we would like first to explain our policy on the protection of your privacy rights. To ensure your rights, please carefully read the following:

適用範圍

以下說明,適用於您在本網站(以 ifshra.nycu.edu.tw 網域為原則)活動時,所涉及的個人身份識別資料收集、運用與保護。但不適用於經由本網站搜尋連結之其他網站,當您在這些網站進行活動時,關於個人資料的保護,適用各該網站的隱私權暨資訊安全政策,本單位無法負擔任何連帶責任。

Scope of the Policy

The Policy governs how this site processes the individual personal data collected while you are visiting the site. The Policy does not apply to related web links and extends only to personnel entrusted by this site and to those involved in its management.

個人資料的收集與運用

  • 本網站上所蒐集之個人資料,除法律或中央主管機關另有規定外,非經使用者同意,本中心不會移轉給第三方或其他國(境)外地區處理。本中心將採取嚴格安全之保密準則,保有此等資料。
  • 本網站會自動記錄您每次上網瀏覽本所網頁、寄發電子郵件時,伺服器產生的相關記錄 (LOG) ,包括連線設備 IP 位址、使用時間、使用的瀏覽器、瀏覽及點選資料記錄等。此外,也會對個別連線者的瀏覽器予以標示,歸納使用者瀏覽器在本所網站內部所瀏覽的網頁,除非您願意告知您的個人資料,否則本所網站不會,也無法將此項記錄和您的個人資料進行對應。
  • 利用本網站所提供的服務項目,提供個人資料時,本所會依需求請您提供相關個人資料作為使用。

Collection and utilization of personal information

  • In accordance with the Personal Information Protection Act and related regulations, information will not be arbitrarily released to third parties.
  • When using this Web site, this Web site will automatically collect the following information: date and time, the Web pages you have selected, your URL, your Web browser, your actions on this Web site (such as downloads) and whether or not they were successful. This information will only be used to improve this Web sites content. Monitor behavior that causes a major load on this Web site.
  • We may use your personal information to provide you with important information about our service.

Cookies的運用

為了提供您最佳的服務,本網站會在您的電腦中放置並取用我們的Cookie ,若您不願接受Cookie的寫入,您可在您使用的瀏覽器功能項中設定隱私權等級為高,即可拒絕Cookie的寫入,但可能會導至網站某些功能無法正常執行。

Use of Cookies

A cookie is a small text file that is placed on your hard disk by a Web server. One of the primary purposes of cookies is to provide a convenient way to save you time. Most Web browsers automatically accept cookies. You can modify your browser setting to decline cookies if you do not wish to accept them.

資訊安全權責與教育訓練

  • 對處理敏感性、機密性資料之人員及因工作需要須賦於系統管理權限之人員,妥適分工,分散權責並建立評估及考核制度,及視需要建立人員相互支援制度。
  • 對離(休、停)職人員,依據人員離(休、停)職之處理程序辦理,並立即取消使用各項系統資源所有權限。
  • 依角色及職能為基礎,針對不同層級人員,視實際需要辦理資訊安全教育訓練及宣導,促使員工瞭解資訊安全的重要性,各種可能的安全風險,以提高員工資訊安全意識,促其遵守資訊安全規定。

Information safety rights training

  • Assign appropriate job responsibilities and distribution rights and set up an evaluation and examination system and if necessary, a mutual support system for personnel who handle sensitive or secret information or whose job requires them to have system administration rights.
  • Deal with personnel who take leave, retire, or are suspended in accordance with the established procedure for such cases and immediately withdraw their access rights to the various system resources.
  • Provide information security education and training to personnel at different levels based on their role and function. To improve knowledge of information security and observance of security regulations, encourage personnel to gain an understanding of the importance of information security and potential security risks.

資訊安全作業及保護

  • 建立處理資訊安全事件之作業程序,並課予相關人員必要的責任,以便迅速有效處理資訊安全事件。
  • 建立資訊設施及系統的變更管理通報機制,以免造成系統安全上的漏洞。
  • 依據電腦處理個人資料保護法之相關規定,審慎處理及保護個人資訊。
  • 建立系統備援設施,定期執行必要的資料、軟體備份及備援作業,以便發生災害或儲存媒體失效時,可迅速回復正常作業。

Information security and protection

  • Establish a procedure to handle information security events and assign relevant personnel with the responsibility to deal rapidly and effectively with information security events.
  • Establish a change management reporting mechanism for information infrastructure and systems to avoid security leaks. Carefully handle and protect personal information in accordance with provisions of the Computer-Processed Personal Data Protection Act.
  • Set up a system backup facility to perform regular backups of necessary information and software to ensure speedy recovery of normal operation during breakdowns or storage media failures.

網路安全管理

  • 與外界網路連接之網點,設立防火牆控管外界與內部網路之資料傳輸及資源存取,並執行嚴謹的身分辨識作業。
  • 機密性及敏感性的資料或文件,不存放在對外開放的資訊系統中,機密性文件不以電子郵件傳送。
  • 定期對內部網路資訊安全設施與防毒進行查核,並更新防毒系統之病毒碼,及各項安全措施。

Network security management

  • Install a firewall to control transfer of internal network data and access from outside networks and establish a rigorous identification procedure.
  • Do not store confidential and sensitive data and files in a system open to the outside world. Do not e-mail confidential files.
  • Conduct regular internal network data security and virus checks, and update virus definitions and other security measures.

系統存取控制管理

  • 視作業系統及安全管理需求訂定通行密碼核發及變更程序並作成記錄。
  • 登入各作業系統時,依各級人員執行任務所必要之系統存取權限,由資訊室系統管理人員設定賦予權限之帳號與密碼,並定期更新。

System access control management

  • Depending on operating system and security management requirements, set up a password confirmation and modification procedure and keep a record.
  • Assign access rights to personnel of all levels depending on job requirements. Account numbers and passwords to restrict access must be distributed by system administrators and changed on a regular basis.