96年5月9日第155次行政會議通過

101年5月9日第165次行政會議修正通過

103年11月19日第174次行政會議修正通過

111年12月21日第215次行政會議修正通過

一、為使本校之資訊安全管理機制充分發揮功能，落實「教育體系資通安全管理規範」與「個人資料保護制度」，特依據本校組織規程第二十四條設「國立成功大學資訊安全管理委員會」（以下簡稱本委員會）。

1.In order to make the best of the features associated with the University’s cyber security management mechanism and to consolidate the “Specification of Cyber Security and Personal Information Management in Educational System”, the NCKU Cyber Security Management Committee (hereinafter referred to as the “Committee”) is particularly established according to Article 24 of the Regulations for the Organization of National Cheng Kung University.

二、本委員會由副校長一人兼召集人，計算機與網路中心中心主任兼協同召集人，計算機與網路中心網路與資訊安全組組長、資訊系統發展組組長及教學科技組組長為當然委員，其餘委員由秘書室、教務處、總務處、學生事務處、研究發展處、國際事務處、財務處、主計室、人事室、圖書館、產學創新總中心、環境保護暨安全衛生中心、各學院、智慧半導體及永續製造學院、敏求智慧運算學院、醫學院附設醫院及附設高級工業職業進修學校等指派各單位副主管以上人員擔任，任期二年。

2.The Vice President of the University is an apparent member and convener of the Committee. The director of the Computer and Network Center is an apparent member and the co-convener. Leader of the Network & Information Security Division ,Leader of the Information System Development Division and Leader of the Teaching & Learning Technology Division are apparent members. The other members are configured with Secretariat Office,Office of Academic Affairs, Office of General Affairs, Office of Student Affairs, Office of Research and Development, Office of International Affairs, Office of Finance, Accounting Office, Personnel Office, Library, Innovation Headquarters, Center for Environmental Protection, Occupational Safety and Health, all Colleges,Academy of Innovative Semiconductor and Sustainable Manufacturing,Miin Wu School of Computing, National Cheng Kung University Hospital, The Affiliated Senior Industrial Vocational Continuing Education High School of National Cheng Kung University. The above units assigns a deputy supervisor or higher supervisor to serve as member with a tenure of 2 years.

三、本委員會審議事項如下：

(一)教育體系資通安全管理規範之資訊安全政策、風險評估及執行成效。

(二)本校個人資料管理制度之推展、風險評估及執行成效。

(三)其他本校資訊安全及個人資料保護管理之規劃及執行事項。

3. The Committee reviews the following:

(1)Information security policies, risk assessments, and implementation efficacy of the Directions Governing Information and Community Security in Educational System.

(2)Promotion, risk assessments, and implementation efficacy of personal data management systems in the University.

(3)Planning and implementation of other information security and personal information protection and management matters in the University.

四、本委員會每年開會一次，必要時得召開臨時會議。

4. The Committee meets once a year and may call for an extraordinary meeting whenever it is considered necessary.

五、本委員會開會時，得請相關業務人員列席報告及說明。。

5. While the Committee meets, staff involved in related tasks may be asked to be attended and gave a presentation with explanations.

六、本要點經行政會議通過後實施，修正時亦同。

6. The Directions are to be enforced following approval through the administrative meeting. The same shall apply to their revisions.