1. Purpose
Feversocial Limited (hereinafter referred to as "the Company"), the operator of the Feversocial platform service, has established this Information Security Policy (hereinafter referred to as "the Policy") to strengthen information security management. The Policy aims to ensure the confidentiality, integrity, and availability of the Company's information assets, providing the necessary information environment and infrastructure for the Company's continuous business operations. It also aims to comply with relevant regulations and avoid any intentional or accidental internal or external incidents. This Policy serves as the highest guiding principle for the Company's Information Security Management System (hereinafter referred to as "ISMS").
2. Objective
The Company's information security objective is to ensure the confidentiality, integrity, availability, and compliance of critical information and services. The Company defines and measures quantitative indicators of information security performance across different levels and functions to assess the implementation status of ISMS and whether it achieves its information security goals.
3. Scope
Considering internal and external issues, the needs and expectations of interested parties, and the interface and interdependence between the Company's activities and those of other organizations, the scope of this Policy and ISMS covers the software development, operations, and processes of the Open Customer Engagement Platform (OCEP) and all software products using the Ministry of Finance's electronic invoice API, as well as all value-added derivative works. This includes all related information business activities such as physical office areas, cloud systems, developers, software, operational data, system administration units, and related operational processes.
4. Target Audience and Responsibilities
5. Coverage
To support and achieve the goals of this Policy, the Company has established specific regulations in the following areas, which will be implemented and regularly evaluated for effectiveness:
6. Organization and Responsibilities
To ensure the effective operation of the ISMS, the information security organization and responsibilities must be clearly defined to promote and maintain the management, execution, and auditing of various tasks.
7. Implementation Principles
8. Review and Evaluation
9. Communication and Dissemination
When ISMS documents (including this Policy) are formulated or revised, they should be communicated or disseminated via website announcements, email, messaging software, document management systems, meetings, or other methods to inform or communicate with internal and external stakeholders, such as employees, customers, partners, and suppliers.