Cyber Security Management Regulations of the National Taiwan Library
Established during the 841st library affairs meeting on August 11, 2016
Amended and adopted at the 874th library affairs meeting on April 7, 2021
1. The National Taiwan Library (hereinafter referred to as the Library) seeks to ensure the security of library resources, systems, equipment and network communications while effectively reducing the risks of theft, improper usage, leakage, tampering or damage to them caused by negligence, deliberate acts or natural disasters. To that end, the Library has created an information security management system and formulated the “Cyber Security Management Regulations (ISMS-01-001)” (hereinafter referred to as these Regulations). Matters that are not specified in these Regulations shall be handled in accordance with other government cyber security regulations to achieve the confidentiality, integrity, and usability of information.
2. These Regulations were formulated based on the “Enforcement Rules of the Cyber Security Management Act,” “Information Security Management Directions for the Executive Yuan and its Subordinate Agencies,” “Information Security Management Regulations of the Executive Yuan and its Subordinate Organizations,” and the “Cyber Security and Personal Data Management Regulations in the Education System.”
3. To maintain the confidentiality, integrity, and availability of information, systems, equipment, and network communications in the library while safeguarding the security of personal data, we hope that all of the library staff will work together to achieve the following goals:
(1) Ensuring the correctness of the information processing of the library, the reliability of the computer software, hardware, peripherals, and network systems used by the library personnel, and ensuring that the aforementioned resources are free from acts or intentions of interference, destruction, or intrusion.
(2) Ensuring the integrity and availability of the information services provided by the library, and providing users with convenient and stable information services.
(3) Establishing a sustainable operation plan for the library's information operations to ensure the continuous operation of the library's information service.
(4) Ensuring that the implementation of the library’s information services meets the requirements of relevant laws and regulations.
4. The scope of application of these Regulations is the staff (employed and appointed), stationed police, contract staff (employees), technicians and workers, temporary personnel, part-time personnel, outsourced service providers and personnel, visitors and readers.
5. The director of the library will serve as the director of cyber security, and a meeting for the team leaders of each group will be convened to establish a cyber security promotion group for research and discussion of issues such as formulating cyber security policies, plans, and resource management.
6. The primary matters handled using these Regulations are as follows:
(1) The library and the concerned parties shall formulate a comprehensive cyber security management system with regard to the requirements for cyber security based on internal and external issues that may affect cyber security.
(2) The library’s cyber security management regulations must comply with relevant government regulations (e.g. the Criminal Code, Classified National Security Information Protection Act, Patent Act, Trademark Act, Copyright Act, and Personal Data Protection Act).
(3) Regularly carrying out cyber security education and training, and promoting information security policies and related implementation regulations.
(4) Establishing management mechanisms for information software and hardware facilities to coordinate the allocation and effective usage of resources.
(5) The new information system shall incorporate cyber security factors before its implementation to prevent situations that endanger the security of the system.
(6) Establishing physical and environmental safety protection measures for the server room, and carrying out relevant maintenance on a regular basis.
(7) Clearly regulating the access rights of the information systems and network services to prevent unauthorized access.
(8) Establishing internal audit plans for cyber security, and regularly reviewing the use of personal computers and the implementation of the cyber security system.
(9) All of the library personnel are responsible for maintaining cyber security, and shall abide by the library’s cyber security management regulations.
7. These Regulations shall be periodically evaluated to reflect the government’s cyber security management policies, laws, technology, the needs and expectations of interested parties, internal and external issues, the latest status of the library’s operations, and to ensure the feasibility and effectiveness of the library’s cyber security practical operations.
8. These Regulations are adopted by the library affairs meeting and implemented after being approved by the director of cyber security (director of the library) in accordance with administrative procedures; the same applies to revisions.