Information Security Policy
1. Purpose
1.1 To enhance information security management, earthbook Inc. (hereinafter referred to as the Company) aims to ensure the confidentiality, integrity, and availability of its information assets. This is to provide a secure information environment for the continuous operation of the Company’s business and to comply with relevant regulations. By mitigating intentional or accidental threats from internal or external sources, the Company has implemented the ISO 27001 Information Security Management System, formalized in this policy.
2. Scope
2.1 All departments within the Company.
3. Definitions
3.1 All personnel: Includes Company employees and outsourced vendors.
4. Vision and Objectives
4.1 The vision for the information security policy is as follows:
4.1.1 Enhance personnel knowledge and skills
4.1.2 Prevent data leakage
4.1.3 Ensure effective daily maintenance and operations
4.1.4 Guarantee service availability
4.2 Based on the information security policy vision, the following objectives are established:
4.2.1 Conduct information security training to promote awareness and reinforce personnel responsibilities.
4.2.2 Protect the Company’s business information, preventing unauthorized access and modification to ensure its accuracy and integrity.
4.2.3 Conduct regular audits to ensure the proper implementation of relevant operations.
4.2.4 Maintain a certain level of system availability for the Company’s critical business systems.
5. Responsibility
5.1 The Company’s management is responsible for establishing and reviewing this policy.
6. Review
6.1 This policy shall be reviewed at least annually to reflect the latest developments in government regulations, technology, and business, ensuring the Company’s sustainable operation and information security practices.
7. Implementation
7.1 This policy shall be implemented upon approval by the "Information Security Committee" and the convener. The same applies to any revisions.
1.1 To enhance information security management, earthbook Inc. (hereinafter referred to as the Company) aims to ensure the confidentiality, integrity, and availability of its information assets. This is to provide a secure information environment for the continuous operation of the Company’s business and to comply with relevant regulations. By mitigating intentional or accidental threats from internal or external sources, the Company has implemented the ISO 27001 Information Security Management System, formalized in this policy.
2. Scope
2.1 All departments within the Company.
3. Definitions
3.1 All personnel: Includes Company employees and outsourced vendors.
4. Vision and Objectives
4.1 The vision for the information security policy is as follows:
4.1.1 Enhance personnel knowledge and skills
4.1.2 Prevent data leakage
4.1.3 Ensure effective daily maintenance and operations
4.1.4 Guarantee service availability
4.2 Based on the information security policy vision, the following objectives are established:
4.2.1 Conduct information security training to promote awareness and reinforce personnel responsibilities.
4.2.2 Protect the Company’s business information, preventing unauthorized access and modification to ensure its accuracy and integrity.
4.2.3 Conduct regular audits to ensure the proper implementation of relevant operations.
4.2.4 Maintain a certain level of system availability for the Company’s critical business systems.
5. Responsibility
5.1 The Company’s management is responsible for establishing and reviewing this policy.
6. Review
6.1 This policy shall be reviewed at least annually to reflect the latest developments in government regulations, technology, and business, ensuring the Company’s sustainable operation and information security practices.
7. Implementation
7.1 This policy shall be implemented upon approval by the "Information Security Committee" and the convener. The same applies to any revisions.