BeeZin Plan for Maintaining the Security of Personal Information Files
I. To ensure the security of personal information files of the company, we assigned the specialist to maintain the items based on the Plan for Maintaining the Security of Personal Information Files as follows.
II. Plan for Maintaining the Security of Personal Information Files:
1. Information Security
(1) People who insert the personal information in the database files shall set up the use limitation and permission, “User ID” and “Password.” The password shall be confidential and will not share with others.
(2) People who save personal information files in the Hard Disk Drive of PC, data retention office shall setup the login password, screensaver password and other related security measures to certain personal computer.
(3) Don’t use the personal information files without permission.
(4) Log out after using the personal information files and don’t leave the files open on the screen.
(5) The password shall be confidential and change your password regularly to avoid others stealing your password and using for a long time.
(6) When the customers check their personal information by phone, to protect the right of the customers, the company shall reply the relevant information after the verification.
(7) To ensure the system operating normally, when doing the collection, handling and international delivery and using the personal information through the internet, it shall have necessary prevention and protective measures, detect and prevent the computer virus and other malwares.
(8) Before conducting the business on the internet, it shall evaluate the probable safety risk and come out the proper safety control measures.
2. Information Audit
(1) When dealing with the personal information through the computer, we shall check whether the input, output, edition and change are the same as the original file or not.
(2) Before giving a use of personal information, we shall check whether it is the same as the information in the file or not.
(3) We shall establish a regular auditing system and save the auditing information.
3. Equipment Management
(1) Data retention office shall give a regular maintenance and repair to the computer that uses to store the personal information.
(2) Don’t move the computer equipment if necessary.
(3) The personal computer uses as personal information insert shall not be the front end tool of inquiry service directly.
(4) Establish the remote backup system.
(5) Actually delete the personal information stored in the related computer hardware the company wants to throw away or resell it.
4. Other security and maintenance items
(1) When people who deal with the personal information files by the computer have a job change, the original working department shall transfer personal information files and related information lists to the new department. The person who takes over the data retention in the new working place shall set up a new password for this employee to give a better management.
(2) After the employees resigned, the former employees shall cancel all the passwords they have been used and give an appropriate adjustment.
(3) Follow all the computer safety maintenance-related regulation.