1. Purpose

To enhance the security and stability of the Ministry of Economic Affairs (hereinafter referred to as "the Ministry") information and communication operations, provide reliable information and communication services, ensure the confidentiality, integrity, and availability of information assets, and smoothly advance the Ministry’s various business operations in compliance with the Cybersecurity Management Act and its subordinate regulations, this Ministry of Economic Affairs Information Security Policy (hereinafter referred to as "this Policy") is established as the highest guiding principle for the Ministry’s information security management.  

2. Scope

This Policy applies to all Ministry personnel, vendors, and third-party individuals who come into contact with the Ministry's business information or provide services to the Ministry.

3. Objectives

1. To ensure the confidentiality of business-related information of the Ministry, protecting national secrets and personal data.


2. To ensure the integrity and availability of business-related information of the Ministry, improving administrative efficiency and quality.


3. To cooperate with national initiatives and this Policy to enhance cybersecurity defense capabilities.


4. To comply with national laws and Ministry regulations, achieving the goal of continuous business operations.

4. Strategies

1. Consider relevant laws, regulations, and operational requirements, evaluate the information security needs, and establish relevant procedures to ensure the confidentiality, integrity, and availability of information assets.


2. Establish an information security organization within the Ministry and define roles and responsibilities to facilitate the implementation of cybersecurity operations.


3. Implement various tasks according to the classification of information security responsibilities as specified in the classification guidelines.


4. Establish an information security incident reporting and response mechanism to ensure proper response, control, and handling of security incidents.


5. Conduct regular cybersecurity audits to ensure the effective implementation of information security management.

5. Review

This Policy is approved by the Chief Information Security Officer (CISO) and is reviewed at least annually, or re-evaluated when significant organizational changes occur (e.g., organizational adjustments, major business changes, etc.). Based on the results of the review, relevant laws, technologies, and the latest developments in the business environment, the Policy will be appropriately revised.