Information Security Policy

V 1.3 April 11, 2023

1. Purpose

As information security is the basis for maintaining the safe operation of our service, to ensure the security of personnel, data, information systems, equipment, and networks of Turing Chain Taiwan Limited (hereinafter referred to as “Our Company”), we have stipulated the Information Security Policy (hereinafter referred to as “This Document”) as the highest guiding principle of our Company’s Information Security Management System (hereinafter referred to as “ISMS/PIMS”).

2. Objectives

Our Company’s information security objectives are to ensure the confidentiality, integrity, availability, and compliance of critical information and service. We define and measure the quantitative indicators of information security performance according to respective competency to confirm the implementation status of ISMS/PIMS and whether the information security objectives are achieved.

3. Scope of Application

The ISMS/PIMS takes into account internal and external issues, the needs and expectations of interested parties, the interfaces, and dependencies between our Company’s activities and those of other organizations. The scope of application is service software development, testing, operations, and operating environments of Turing Certs Blockchain-based Resume, including physical office areas, cloud systems, developers, software Turing Certs Blockchain-based Resume is applied to Turing Certs Blockchain-based Resume software development, testing, operation, and operation environment, including physical office area, cloud system, developers, software, operation data, system management department and related operation process.

4. Contents covered

The ISMS/PIMS includes the following contents, and the relevant departments and personnel shall stipulate management regulations or implementation plans for the following matters, put in to practice, and evaluate the effectiveness of the implementation regularly.

  • Information security organization and management inspection
  • Risk management
  • Document and record management
  • Internal auditing of information security
  • Human resource security management
  • Asset management
  • Access control management
  • Physical and environmental security management
  • Operational security and cryptography
  • Communication security management
  • System acquisition, development, and maintenance management
  • Vendor relationship management
  • Information security incident management
  • Business continuity management
  • Compliance management
  • Personal data file security maintenance
  • Collection, processing and use of personal data files
  • Exercise of rights by subject of personal data

5. Organization and Authority

To ensure the effective operation of the ISMS/PIMS, the information security organization and authority should be clearly defined to promote and maintain various management, implementation, inspection, etc.

6. Implementation Principles

The implementation of ISMS/PIMS shall be based on the process of Plan, Do, Check, and Act to ensure the effectiveness and continuous improvement of information business operation.

7. Review and Evaluation

7.1. This document shall be evaluated and reviewed when encountering major changes or at least once a year to ensure the effectiveness of the latest development of laws, technology, and related departments of information security practices.
7.2. This document shall be revised based on the results of the review, and shall take effect after it is signed and published by the person in charge of our Company.
7.3. This document shall be sent to the interested parties, such as partners, employees, suppliers, etc. via document, e-mail, or document managing system after it is stipulated or revised.