The Cultural Affairs Bureau of Chiayi City Government (henceforth referred to as the Bureau) is charged with serving the public in order to establish a safe and reliable electronic operating environment, ensure the safety of data use, protect the rights of the public, enable the continuous and uninterrupted operation of various business information operations, prevent improper disclosure of information, and maintain the effectiveness of internal system management. To meet the objectives of a "efficient city&" and a "safe city," the following measures will be taken to achieve the objective of information security:

1. Compliance with pertinent laws and regulations, such as the Intellectual Property Rights, the Personal Data Protection Act, and the key points and regulations of information security management of the Executive Yuan and its affiliated agencies, as well as agreements and contracts signed with external parties, is the primary focus of information security promotion.
2. The Bureau has established an Information Security Management Committee to actively promote the planning, execution, auditing, communication, and coordination of information security management-related matters, and to actively conduct information security education, training, and promotion to familiarize personnel with the security responsibilities associated with business execution.
3. Information assets held by employees are categorized and graded based on how they are used to achieve effective control. Information operations are planned for continuous management and effective operation based on the actual needs of business practices to ensure the security of information operations and the ease and smoothness of use.
4. Access control and real-time monitoring are utilized to preserve the security of physical security control areas and vital data and equipment rooms in the office.
5. Information equipment and systems are maintained with greater technical protection, and access privileges are granted based on positions according to minimum requirements to prevent unauthorized access, abnormalities, or network attacks.
6. Use of unauthorized software is restricted to prevent computer viruses and malware from disrupting operations.
7. Personal information management must establish compliance-compliant methods for personal data protection management, file security maintenance, emergency response, and disposal.
8. Regular information security audits are conducted to ensure the effectiveness of the information security management system, and anyone who violates the relevant procedures and regulations of the information security management system will be considered and punished in accordance with the relevant regulations.
9. The information Security Policy shall be examined by the Information Security Management Committee and approved by the Director of Cultural Affairs Bureau before implementation, as well as any amendments.