Policy Motive
This security policy shall serve as the basis for complying with related regulations and for safeguarding the information assets of the Immigration Office (information assets include, but are not restricted to, information, software, and hardware facilities) against the risk of being tampered with, exposed, destroyed, or lost due to external threats or to mismanagement and misuse by internal staff.
Basis
The Information Security Policy (hereinafter referred to as the Policy) is drawn up based on the mission and objective of the Immigration Office and in accordance with related laws and regulations such as “Information Security Management Essentials of the Executive Yuan and Its Subordinating Agencies”, “Information Security Management Standard of the Executive Yuan and Its Subordinating Agencies”, and the “Personal Information Safeguard Act and Enforcement Rules.”
Description
- The Essence of Information Security
  The essence of information security is roughly classified as follows:
  - Availability
    To ensure that various information assets are provided instantly and accurately in order to meet users’ needs.
  - Integrity
    Information assets are classified according to their importance and safeguarded appropriately to ensure their integrity.
  - Confidentiality
    Data is properly graded by confidentiality and given an appropriate standard of protection according to its grade of confidentiality.
- Purpose of Policy and Description
  In order to achieve the mission and objective of the Immigration Office, to meet the expectations and requirements of the highest management level on information security, and to ensure that all the information assets of the Immigration Office are secured, the purpose of drawing up the information security policy of the Immigration Office is as follows:
  - To ensure the confidentiality of the relevant business information of the Immigration Office, and to prevent the sensitive data of the Agency and the personal data of the people from being leaked or lost.
  - To ensure the integrity and availability of the relevant business information of the Immigration Office, in order to carry out the work of the Immigration Office and its various businesses.
- Objective
  In order to achieve the purpose mentioned above, the related objectives are divided into quantitative and qualitative:
  - Quantitative objective includes:
    - To ensure that the year-round service availability of the Immigration Office is more than 99.95% (year-round interruption less than 4 hours).
    - To ensure that fewer than 3 information security leakage cases are handled year-round.
    - To ensure that relevant information security measures or standards meet the requirements of the policy or existing laws and regulations, and to conduct inspection at least once every half-year.
    - To protect and test the plan for lasting and feasible operation, conducting a test at least once a year.
    - To create an information asset risk evaluation system and conduct risk evaluation at least once a year.
  - Qualitative objective includes:
    - To ensure that information assets are properly safeguarded, to prevent damage to the assets due to unauthorized access or work negligence.
    - To ensure that all information security incidents or suspected weak points are reported according to the proper reporting procedure and are properly investigated and dealt with.
    - To meet the requirements of the related policies, regulations, and laws of the government on information security.
    - Scheduled implementation of information security education.
    - To create an operational continuity management procedure.
Applicable Scope
The Policy is applicable to all the units (including Section 1, Section 2, Section 3, Section 4, Section 5, Section 6, Section 7, Administration Office, Logistics Section, Accounting Office, Personnel Office, Security Guards Office, Supervision Office, Data Processing Center, CKS International Airport Information, Kaohsiung Airport Information, Keelung Port Information, Taichung Port Information, Kaohsiung Port Information, Kaohsiung Information Center, Taichung Information Center, Hualien Information Center, Kinmen Information Center, Machu Information Center, and Interview Section) of the Immigration Office and to related information assets.
- The scope for which BS7799-2:2002 certification must be obtained is the Information Security Management System (ISMS) relating to the Information System of the Immigration Office, National Police Agency, operated at the Taipei Headquarters, Keelung Harbor, and CKS International Airport.
- Aside from the units mentioned above that are required to obtain the BS7799-2:2002 certification, other units of the Agency should also abide by the regulations of the Policy.
Division of Authority
For the efficient operation of the ISMS, the authority of each unit is as follows:
- To ensure that information security measures receive actual support from the management level, all the high-level management chiefs of the Immigration Office (director, vice director, and chief secretary) should affirm their determination to carry out information security, and should instruct related units and staff to form an information security implementation team, in order to allocate information security responsibility for efficient resource management.
- Members of the information security implementation team should actively participate in the various activities of the ISMS. The convener and vice convener of the team should give support and commitment to the ISMS, and ensure that the Policy meets the mission of the Immigration Office and the requirements of the high-level management chiefs.
- The convener of the information security implementation team is also the information security representative of the Immigration Office. In the event that the convener is unable to participate in various information security activities, the vice convener shall act on his/her behalf.
- Every unit of the Immigration Office should carry out the requirements of the Policy through proper procedures.
- All the staff (including contracted personnel), all the link-using units, contracted companies, and commissioned companies should abide by the Policy.
- All the staff (including contracted personnel) are obliged to report all information security incidents or information security weak points discovered.
Other Regulation
- Proper procedure or legal action shall be taken against any staff (including contracted personnel) of the Immigration Office who have violated the Policy or acted in any way that has endangered the information security of the Immigration Office.
- All the staff (including contracted personnel) of the Immigration Office should understand that all the information obtained at work is the asset of the Immigration Office. Using any information without authorization is strictly prohibited.
- The stipulations and related requirements of the Policy should be abided by when signing contracts with commissioned companies.
Amendment
The Policy should be evaluated at least once a year and should reflect the latest developments in government laws and regulations, technology, and business, to ensure the validity of information security.
Supplements:
- Necessary written working procedures should be in compliance with the standard of BS7799 Part 2:2002. Various working procedures should be drawn up in accordance with the actual situation of the Immigration Office to serve as security guidelines for various works.
- Aside from the above Working Procedures, detailed Working Instructions/Guidelines/Operation Code should be drawn up as deemed necessary to serve as the execution basis for various information security activities and as a supplement for matters that are not covered. Related execution records such as forms/reports/plans should be generated in accordance with the stipulations in the Working Procedures and Working Instructions/Guidelines/Operation Code to serve as proof of carrying out the ISMS in order to conform to BS7799-2:2002, thereby creating an integrated, feasible, and efficient ISMS.






