Home > Infomation Security Policy

Information_Security_Policy_icon Infomation Security Policy

Information Security Policy

The Taipei City Government Parent-child Center and Friendly Childcare Center Website (hereinafter referred to as this Site) has adopted its site security policies, which are detailed below, in compliance with the Personal Information Protection Act and the Copyright Act to protect your and this Site’s data security.


1. Scope of policies
The website security policies for this Site as described below apply to the collection, use, and protection of personal data when you are browsing this Site, but do not apply to the links to other websites that are provided on this Site. When you click on the links and visit other websites, the website security policies adopted by the respective websites shall apply.


2. Information access control

  • System access policy and authorization rules are stipulated and are provided in written, electronic, or other forms to inform employees and users about their respective authorization and responsibilities.
  • Severed/suspended employees will have their authorized access to all information resources revoked immediately and be subject to mandatory severance/suspension procedures. System authorization shall be adjusted according to system access authorization rules when employees are transferred or re-assigned, and this shall be done within a given time period.
  • A system user registration management system is provided to enforce users’ password management. Improved security measures are taken on the system’s service providers; personnel rosters for these service providers are also compiled and related security and confidentiality responsibilities given to these personnel.
  • An information security audit system is established to conduct both scheduled and non-scheduled information security audits.

3. Site security measures and guidelines
Any unauthorized upload or modification, or attempts to do so, of the services and information provided by Our Site is strictly prohibited and punishable by law. For the purpose of site security and continuation of services to all online users, this Site has adopted the following security protection measures:

  • Firewalls are established at the nodes connecting to external networks to control data transfer and resource access between external and internal networks. Stringent identification procedures are adopted. A network intrusion detection system is used to monitor network traffic and to identify any unauthorized upload attempts, modification of web information, or malicious sabotage.
  • Virus scan software is installed to scan for viruses on a routine basis to provide a safer browsing environment for users. A backup system is in place to carry out necessary data/software backup and redundancy operations on a regular basis; normal operations can be quickly resumed in the case of a disaster or storage media failure.
  • Hacker attacks are simulated from time to time to practice system recovery procedures during security events and ensure there is adequate security defense.
  • Security maintenance emails from operating system or application vendors are automatically received, and recommendations from the said emails are adopted and suitable patches installed. Security is not 100% guaranteed for data transfers over the Internet. This Site will use every effort in protecting the data security of this Site and all personal data, and in some cases an SSL security system will be used to protect security during data transfer. However, as the security of data transfers is related to the internet security of your computer, we are unable to guarantee the security of your data transfers to and from this Site. You are responsible for the risks associated with Internet data transfers. Please understand that any consequences arising from issues mentioned in this paragraph are beyond our control.

4. Data backup operation policy

As a principle at least 3 generations of backups for critical data will be maintained. The backup data is physically protected in an ideal environment, of which security standards are comparable, if not identical, to the primary operation environment. The security control measures adopted in the primary operation environment are applicable, wherever possible, in the backup environment. Backup data is routinely examined to guarantee the availability of backup data.


5. Data recovery operation policy

Data consistency and integrity will be examined immediately before data recovery operations. Unless a major accident occurs, such as irreparable mainframe or network failure, data for this Site can be recovered to normal within 24 hours. Backup data is guaranteed to provide the latest comprehensive data that covers up to two days’ worth of data. Upon completion of data recovery, programs and databases will be operating normally. Tests on backup data should be taken routinely to guarantee the availability of backup data. After completion of data recovery operations, responsible personnel should observe the system for three days to guarantee normal operations of the system and accuracy of any newly added data.


6. Changes to the information security policy of this Site

As technology is advancing rapidly, it is difficult for applicable laws to keep up with advancements, and environmental changes in the future are also hard to foresee. Thus, this Site will change its information security policy as needed to fulfill the intention of good practice in network security. Upon completion of any change regarding information security policy at this Site, we will immediately announce it on this Site, using highlighted titles to prompt you to click on the links for more information.


7. Should you have any doubts or comments regarding the articles listed above, please contact us using the contact methods provided hereto.

This site is best viewed in
Browser:Google Chrome   Screen resolution:1200 * 800 or higher to browse our website