圖書典藏及影音數位平台

本署為資訊安全等級B級列屬機關，為配合行政院資通安全辦公室推行資安工作並執行資訊安全管理系統(ISMS) 之ISO/IEC 27001追查與轉版驗證，及配合個人資料保護法進行資訊系統個人資料保護，爰擬成立本計畫，以強化本署資訊安全管理機制，落實個資安全保護及完善資訊安全措施。完善之作業流程及管理機制，藉以保護資訊系統之個人資料、完善資訊安全措施及提升資訊服務品質與效率。

The objective of this project is to maintain the effectiveness of the international certification standards of ISO 27001, and to keep the regular and sustainable function on the Information Security Management System (ISMS) of the Water Resources Agency. To reach the objective, the agency’s existing ISMS documents are reviewed to find the difference to the new version of ISO 27001 standard. Based on the new version standard, the present ISMS controlling measures are adequately evaluated and integrated, and some ISMS documents are adjusted. In addition, this project coordinates the follow-up daily maintenance, revises documents which are inconsistent with the practice, and etc. continually to help the ISMS to satisfy the needs of business operation. This project is composed of three parts: internal daily operation process review, execution contexts and method adjustment, as well as management practice improvement. The following working items are fulfilled: 1. Information Security Management System revision and implementation 1.1 Project meeting and daily operation assistance 1.2 ISMS documents adjustment 1.3 Business continuity management operation assistance 1.4 Internal audit and review of ISMS 1.5 ISMS effectiveness measurement indicators modification 2. Information Security Management System Certification New standard upgrade and third party certification assistance. 3. Personal data protection practice and risk management 3.1 ISMS risk management (including personal data protection) 3.2 Personal data protection check assistance 3.3 Present personal data protection status review 4. Training 4.1 ISO 27001: 2013 Leading Auditor training course 4.2 Information security and personal data protection awareness courses