Information Security Policy :: QNAP

Information Security Policy
  • Scope
    QNAP SYSTEMS, INC. (QNAP) has developed this Information Security Policy to strengthen information security management and to ensure the confidentiality, availability and implementation of QNAP information assets, in order to provide an information environment for information business continuity. The policy complies with the relevant regulatory requirements and prevents deliberate or accidental threats from inside or outside the company.
    The policy is established by top management and executed through the effective operation of the system. It contains a continuous improvement process to prevent nonconformities in order to achieve information security purposes.
  • Applicable Areas
    QNAP establishes the Information Security Management System (ISMS) in accordance with the concerns of "internal and external stakeholders" and the relevant government regulatory requirements. To ensure confidentiality, availability and implementation of the information, the ISMS is designed to be used in the security management of the operation of the Server Room and the maintenance of the ERP system.
    The ISMS is already able to acquire information about the operation and management processes and to meet all safety requirements and expectations. The ISMS covers fourteen management matters to prevent data misuse, leakage, tampering and destruction due to human error, deliberate disclosure, natural disasters or other factors, which could result in risks and hazards to QNAP. Management matters include:
    • Information security policy
    • Organization of information security
    • Human resource security
    • Asset management
    • Access control
    • Encryption
    • Physical and environmental security
    • Operation security
    • Communication security
    • System acquisition, development and maintenance
    • Supplier relationship
    • Information security incident management
    • Information security aspects of business continuity management
    • Compliance
  • Definitions
    • Information Asset: the hardware, software, services, documents and people that maintain QNAP's information business operations.
    • Information environment for business continuity management: the computer operating environment that maintains QNAP's business operations.
  • Objectives
    Maintain the confidentiality, integrity and availability of QNAP information assets, and protect user data privacy, through the concerted efforts of all colleagues to accomplish the following objectives:
    • Protect QNAP's business activity information from unauthorized access.
    • Protect QNAP's business activity information from unauthorized modifications, and ensure the information is correct and complete.
    • Establish an inter-departmental information security organization to develop, promote, implement, evaluate and improve information security management, and to ensure that QNAP has an information environment for business continuity.
    • Implement information security education and training, promote staff awareness, and enhance their knowledge on related responsibilities.
    • Implement information security risk assessments to improve the effectiveness and timeliness of information security management.
    • Implement an information security internal audit system to ensure the implementation of information security management.
    • Business activities of QNAP shall comply with the requirements of the relevant Act or regulations.
  • Responsibility
    • QNAP managers establish and review this policy.
    • QNAP information security administrators implement this policy through appropriate standards and procedures.
    • All staff and outsourcing vendors are required to follow the relevant safety management procedures to meet the information security policy requirements.
    • All staff have a responsibility to report any information security incidents and identified vulnerabilities.
    • Penalties will be imposed for any behavior endangering information security, depending on the seriousness found by the investigation, under the civil, criminal and administrative liability regulations or under the Company's regulations.