法規內容

下載法規原始檔

 

國立成功大學資訊安全管理委員會設置要點
NCKU Directions for Establishing the Information Security Management Committee

96.5.09 第155次行政會議通過

Approved in the 115th administrative meeting on May 9, 2007

101.5.09 第165次行政會議修正通過

Revised and approved in the 165th administrative meeting on May 9, 2012

103.11.19 第174次行政會議修正通過

Revised and approved in the 174th administrative meeting on November 19, 2014

一、為使本校之資訊安全管理機制充分發揮功能,落實「教育體系資通安全管理規範」與「個人資料保護制度」,特依據本校組織規程第二十四條設「國立成功大學資訊安全管理委員會」(以下簡稱本委員會)。

1.In order to make the best of the features associated with the University’s information security management mechanism and to consolidate the “Directions Governing Information and Community Security in an Educational System” and the “Personal Information Protection System”, the NCKU Information Security Management Committee (hereinafter referred to as the “Committee”) is particularly established according to Article 24 of the Regulations for the Organization of National Cheng Kung University.

二、本委員會置委員十一人,由副校長(資訊安全長)擔任本委員會當然委員兼召集人,計算機與網路中心主任為當然委員兼協同召集人,網路與資訊安全組組長及資訊系統發展組組長為當然委員,其餘委員由召集人推選本校專任助理教授以上或行政單位二級主管以上具資訊安全實務經驗者,簽請校長核准聘任,任期二年。

2.The Committee is configured with 11 members. The Vice President of the University (Chief Information Security Officer) is an apparent member and convener of the Committee. The director of the Computer and Network Center is an apparent member and the co-convener. The heads of the Network and Information Security Division and the Information System Development Division are apparent members. The other members shall be full-time assistant professors or higher-ranking faculty or Class 2 administrative supervisors or higher-ranking staff with practical information security experience recommended by the convener and signed off by the President of the University with a tenure of 2 years.

三、本委員會審議事項如下:

(一)教育體系資通安全管理規範之資訊安全政策、風險評估及執行成效。

(二)本校個人資料管理制度之推展、風險評估及執行成效。

(三)其他本校資訊安全及個人資料保護管理之規劃及執行事項。

3. The Committee reviews the following:

(1)Information security policies, risk assessments, and implementation efficacy of the Directions Governing Information and Community Security in Educational System.

(2)Promotion, risk assessments, and implementation efficacy of personal data management systems in the University.

(3)Planning and implementation of other information security and personal information protection and management matters in the University.

四、本委員會每年開會一次,必要時得召開臨時會議。

4. The Committee meets once a year and may call for an extraordinary meeting whenever it is considered necessary.

五、本委員會開會時,得請相關業務人員列席報告及說明。。

5. While the Committee meets, staff involved in related tasks may be asked to be attended and gave a presentation with explanations.

六、本要點經行政會議通過後實施,修正時亦同。

6. The Directions are to be enforced following approval through the administrative meeting. The same shall apply to their revisions.