(1) To facilitate the implementation of information security in the Airport, a security information organization is to be established with clearly defined roles and responsibilities.
(2) The Airport’s information assets should be regularly audited, categorized and classified.
(3) An appropriate information risk evaluation method should be defined for the Airport and a risk management plan developed in accordance with the results of the evaluation.
(4) An Airport information security monitoring, reporting and response mechanism should be established to ensure an immediate response to information security incidents.
(5) Define an operational continuity plan with regular tests and rehearsals carried out to ensure that the Airport’s information services are uninterrupted.
(6) Organize information security education and training every 6 months to familiarize employees with their role’s information security responsibilities.
(7) This policy shall be reviewed at least annually against regulatory and supervisory requirements on information security as well as on technological and operational changes. The policy should be amended as necessary to ensure the feasibility and effectiveness of actual information security practices.
(8) An Airport employee found to be in violation of information security regulations is to be handled with under the Civil Aeronautics Administration’s incentives and punishment regulations. Anyone found to have violated Article 2 of the Public Functionaries Discipline Act, is to be handled in accordance with Article 19 of the same law. Those suspected of having violated criminal laws shall be referred to the law enforcement agencies for investigation; if the matters involve national compensation, responsibility should be determined in accordance with the State Compensation Act and related laws. Where a person not employed at the Airport violates the information security regulations, both civil and criminal liabilities should be pursued in accordance with the law.
(9) This policy takes effect upon its approval, with amendments also taking effect upon approval.