Passed at the Computer and Communication Committee Meeting held on June 23, 2009 Approved by the Protection of Intellectual Property Task Group on July 3, 2009 Revised at the Computer and Communication Committee Meeting held on June 22, 2010 Approved at the 9th University Administration Meeting of the 2009 academic year held on June 29, 2010 (Added Article 6; revised the original Article 6 and renumbered it as Article 7) Revised at the Computer and Communication Committee Meeting held on June 21, 2015 I. This policy was drafted to improve the network service quality and information security of the University's campus servers. II. This policy is applicable to Internet service servers provided by administrative and teaching units of the University. III. All units which have installed Internet service servers shall note the following: (I) Intellectual Property Rights: Only legal and authorized software shall be used. Attention must be given to the legality of information made public. (II)Dedicated Personnel: An Internet service server manager must be assigned to take full responsibility of the management and maintenance of the servers. (III)Maintain Information Security: Perform information security checks and system vulnerability fixes of the managed Internet service servers on a regular basis. If assistance from the Computer and Communication Center (the Center) is required, please apply and register relevant server information. The Center can provide services such as penetration tests, vulnerability scans, and source code analyses. (IV)Information Security Seminar: The server manager shall attend the information security seminar held by the Center. The manager shall also pay attention to the server management regulations and information security measures announced by the Center. IV. The Center performs periodic security scans on the Internet service servers of the entire school and publishes reports on the results of those scans. The server manager shall fix vulnerabilities based on the reports provided by the Center. V. Users of any unit's Internet service server shall adhere to the regulations set forth by the policy as well as the following items. Violators thereof may have their network service suspended and be reported to the relevant office, depending on the severity of the violation. (I)Comply with the National Tsing Hua University Campus Network Terms of Use. (II)Comply with the National Tsing Hua University Unauthorized Network Information Policy. (III)Respect intellectual property rights; behaviors which violate intellectual property rights are not allowed. VI. To improve the effectiveness of the University's computer resources and comply with energy conservation and carbon footprint reduction policy, each unit shall implement virtualization in their server or use the virtual hosting service offered by the Center. VII. The Policy shall take effect after being passed at the Computer and Communication Committee Meeting and approved by the University Administration Meeting. The same applies for amendments made thereto.