Chapter 2  Achievements & Quality Assurance Initiatives
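Standards Institution (BSI) security certifications to BS7799
and CNS17800. The NHIA is the first government agency in the
country to obtain a CNS17800 certificate issued by the Taiwan
Accreditation Foundation (TAF) under authorization from the
British Standards Institution.
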
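In addition, to put information security into practice, the
NHIA has rolled out an information security management system
(ISMS) across the organization so that information security
takes firm root at every level. The NHIA's information units
passed verification against the international information
security standard ISO27001 in both March 2006 and May 2008,
obtaining domestic and international information security
certificates from UKAS & TAF and bringing the NHIA's
information security operations fully up to international
standards. In 2010, in conjunction with the NHIA's
organizational restructuring, it consolidated its ISMS
framework and certificates and passed information security
verification. Since then it has followed the PDCA spirit of
continuous improvement in carrying out information security
work, to ensure that the public's information remains secure.
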
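To strengthen overall information security monitoring, the
NHIA was brought into the government agency security
monitoring system (GSOC: Government Security Operation) in
September 2010, which carries out year-round, uninterrupted
monitoring of network and e-mail security.
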
entered and garbled when transmitted, effectively safeguarding
cardholders’ privacy.
In August 2003, the NHIA created an “information
security task force” to build the security management
framework for the soon-to-be introduced IC cards and health
insurance information. The task force was made responsible
for managing security-related tasks and obtaining independent
certifications of the system. After more than nine months of
effort by the panel, the IC card’s key management system
(KMS) and its IC Card Data Center (IDC) were found to
comply with internationally recognized information security
and recognition standards. The KMS received BS7799
certification in June 2004, and the IDC received CNS17800
An “information security management system” (ISMS)
was also installed to keep medical information secure. The
on ISMS standard ISO27001 from the Taiwan Accreditation
Foundation and the United Kingdom Accreditation Service
in both March 2006 and May 2008. In 2010, in conjunction
with an organizational restructuring initiative, the NHIA
information security verification. Since then, the NHIA has
followed the spirit of the PDCA (Plan-Do-Check-Act) cycle
in continuing to improve information security and give people
confidence that their personal information would remain
In September 2010, the NHIA joined the Government
Security Operation network, which monitors Internet and
e-mail security around the clock.