[{"subject":"NYCU Regulations on Information Service Usage Fees Management","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2024-03-27","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University\r\nRegulations on Information Service Usage Fees Management\r\nApproved by the 5th administrative meeting of the 2023 Academic Year (March 27, 2024)\r\n1.\tThe Information Technology Service Center (hereafter, the Center) of the National Yang-Ming Chiao Tung University (hereafter, the University) is dedicated to providing a high-quality environment for the use of information services, and to complying with the Information Security Management Act and the related regulations on intellectual property rights. Based on the principle of user fees, the Center has formulated the regulations.\r\n2.\tThe information service usage fees are used for system development, software and hardware purchases and maintenance, and related personnel employment for the Center's information services.\r\n3.\tService Charges: Charges vary based on the service. For annual services, fees are calculated yearly; for new applications, the annual fee is prorated monthly. The fees standards are listed as follows:\r\n(1)\tGoogle Workspace Cloud Storage and Value-added Services\r\nA.\tTeacher Personal Service Plan\r\nitem\tFee Standard\tNote\r\nBasic Plan (20GB)\tFree\t\r\nAdvanced Plan (100G)\tNT$2000/year\t\r\nCloud Storage Add-ons\t\tAvailable only for Advanced Plan\r\n    Personal Storage Space\tNT$1000/year per 100GB\t\r\n    Shared Cloud Storage Space\tNT$1000/year per 100GB\t\r\n\r\n\r\nB.\tSchool Unit Storage Space Plan\r\nItem\tFee Standard\r\nBasic Plan (200G)\tFree\r\nCloud Storage Add-ons\tNT$2000/year per 100GB\r\n\r\n \r\n(2)\tMicrosoft M365 Cloud Storage and Value-added Services\r\nItem\tFee Standard\tNote\r\nBasic Plan (20G)\tFree\t\r\nAdvanced Plan (40G)\tNT$2000/year\t\r\nCloud Storage Add-ons\t\tAvailable only for Advanced Plan\r\n    Personal Storage Space\tNT$2000/year per 100GB\t\r\n\r\n(3)\tVPS Virtual Host Services\r\nItem\tFee Standard\r\nBasic Configuration (1CPU, 2GB Memory, 40GB Disk Space)\tNT$6000/year\r\nValue-added Services\t\r\n    Memory Upgrade\tNT$750/year per 1GB\r\n    Disk Space Upgrade\tNT$500/year per 50GB\r\n    CPU Upgrade\tNT$1500/year per 1CPU\r\n\r\n(4)\tDNS Domain Server Maintenance\r\nItem\tFee Standard\r\nSingle Domain Name\t\r\nAnnual Fee\tNT$1000/year\r\nSelf-managed Domain\t\r\nAnnual Fee\tNT$5000/year\r\n\r\n \r\n(5)\tGPU Services\r\nItem\tFee Standard\tNotes\r\nA6000\tNT$4000 per unit per week\t1GPU/8CPU/180G RAM/600GB storage\r\nP100\tNT$2000 per unit per week\t1GPU/4CPU/90G RAM/600GB storage\r\nValue-added Services\t\t\r\nAdditional Memory\tNT$100 per GB per week\t\r\nAdditional Hard Disk Storage\tNT$50 per 100GB per week\t\r\nAdditional CPU\tNT$200 per CPU per week\t\r\n\r\n(6)\tServer Room Colocation Services\r\nA.\tHosting for administrative units is free of charge.\r\nB.\tCharging of other units\r\na\tLevel 1 server rooms\r\n\tRoom 503, Library Information and Research Building, Beitou Campus\r\n\tRoom 105, Teaching and Learning Building, Beitou Campus\r\n\tServer room on the first floor of the Information Technology Service Center, Guangfu Campus\r\nItems\tFee Standard\r\nHigh-speed computing server (GPU、HPC) \tNT$10000 /1U /year\r\nGeneral server (include NAS)\tNT$6000 /1U /year\r\nNetwork switches and other equipment\tNT$3000 /1U /year\r\nHigh energy consuming equipment\tNT$25000 /1U /year\r\n\r\nb\tLevel 2 server rooms\r\n\tB14, Shou-Ren Building, Beitou Campus\r\n\tServer room on the 9th floor of the Hsien-Che Building, Boai Campus.\r\nItems\tFee Standard\r\nHigh-speed computing server (GPU、HPC) \tNT$8000 /1U /year\r\nGeneral server (include NAS)\tNT$4000 /1U /year\r\nNetwork switches and other equipment\tNT$3000 /1U /year\r\nHigh energy consuming equipment\tNT$20000 /1U /year\r\n\r\nc\tThe reference standard for high energy-consuming equipment refers to the total power consumption of a single machine exceeds 2000 watts.\r\n\r\n(7)\tWebsite construction services\r\ni.\tNYCU WEB blogs are free of charge.\r\nii.\tcPanel Web Platform\r\nItems\tFee Standard\r\nBasic annual website fee\tNT$1500 /year\r\nIncrease website space \tNT$600 /10GB/year\r\niii.\tCampus website co-construction platform\r\nItems\tFee Standard\tRemarks\r\nBasic annual website fee\t\t\r\nAdministrative and teaching units\tNT$3000 /year\tFirst-level administrative units can apply for one website free of charge.\r\nResearch centers\tNT$6000 /year\t\r\nOther websites\tNT$8000 /year\t\r\nSelf-provided SSL certificate \tFee waiver NT$1000 /year\t\r\nIncrease website space \tNT$600 /10GB/year\t\r\n\r\n(8)\tMicrosoft Server and SQL Server Software License Services\r\nItems\tFee Standard\r\nWindows Standard\tNT$2000 / per IP /year\r\nWindows Datacenter\tNT$10000 / per IP /year\r\nSQL Standard\tNT$30000 / per IP /year\r\nSQL Enterprise\tNT$90000 / per IP /year\r\n\r\n4.\tService application: Please refer to various information service management guidelines for application objects and service application periods.\r\n5.\tUsage Guidelines: \r\n(1)\tThe applicant shall comply with the various information service management guidelines in using the services. Services are intended for campus administration, academics, and research only. Commercial use is prohibited. Users must adhere to the regulations on the use of the campus network of the University, the regulations on the use of the Taiwan Academic Network of the Ministry of Education, the information security management system of the Center, as well as the regulations on the use of the National Information Security Management Acts.\r\n(2)\tIn the event of a major information security incident or a major violation of the above regulations, the Center may immediately suspend the service. If no effective improvement is made within the period, the Center has the right to terminate the service directly.\r\n6.\tThe regulations and revisions thereof shall come into effect after receiving approval from the Administrative Meeting.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1242768272235958272&type=s","pdffileurl":"","odffileurl":"","expFile":"NYCU Regulations on Information Service Usage Fees Management"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Information Technology Services Center’s Campus-wide Announcement Emails Delivery Service Guidelines","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2023-04-11","updateDate":null,"detailContent":"","summary":"1\r\nNational Yang Ming Chiao-Tung University, Information Technology Services Center’s\r\nCampus-wide Announcement Emails Delivery Service Guidelines\r\nApproved at the Information Technology Service Center Supervisory Meeting of National Yang Ming Chiao Tung University, held on\r\nApril 11, 2023.\r\n1. Target Applicants: Limited to administrative units, primary teaching units, and primary research\r\ncenters.\r\n2. Service Description:\r\n1) This service is primarily for campus-wide announcements.\r\n2) There are four groups of recipients of announcement emails: \"All faculty, staff, and students\",\r\n\"All faculty and staff\", \"All students\", and \"All full-time teachers\".\r\n3) The content of the mail should be related to the administrative business and should be\r\nrelevant to the majority of faculty, staff, and students. If it is an event, promotion, or lecture\r\nspecific to a particular audience, please use the campus announcements system (the campus\r\nannouncements system sends an email notification to faculties, staff, and students once a day).\r\n4) This service only delivers e-mail messages to the NYCU email accounts of faculties, staff, and\r\nstudents of NYCU.\r\n5) Except for emergency or special announcements, the same email content should only be sent\r\nonce.\r\n6) If there are regular courses or activities every month, please integrate the event content and\r\napply for delivery once a month.\r\n7) Due to differences in the receiving habits of each user, please do not treat this service as the\r\nonly means of communication, thus avoiding important notices being missed by faculties, staff,\r\nand students.\r\n8) Please refer to the Information Technology Services Center website for the application process\r\nand detailed information about the services.\r\n3. Delivery Method:\r\n1) Self-sending by the unit:\r\na) If the unit requires a large number of announcement emails, they can assign a person in\r\ncharge to apply for an account and permissions to send these messages individually.\r\nb) The person in charge of the unit can use the unit's group account to send complete emails\r\nto the recipient group. After the Information Center reviews and approves the request, the\r\nemail will be sent to the recipient's mailbox. If the content of the email is incorrect or does not\r\ncomply with regulations, the Information Center will reject it and notify the person in charge of\r\nthe unit.\r\n2) Sent by the Information Technology Center on behalf of the unit:\r\na) If the unit's demand for announcement letters is small, they can apply for the Information\r\nCenter to send them on their behalf.\r\n2\r\nb) Except for emergency announcements, please submit the application two days before the\r\nscheduled sending date. Same-day requests for same-day delivery will not be accepted.\r\n4. Mail content specifications:\r\n1) The email content must include a subject, body text, the person in charge, and contact\r\ninformation. Please provide both Chinese and English versions (including the subject) to serve\r\nforeign faculty and students.\r\n2) The body text cannot consist of only images and links (it will be treated as junk mail or scam\r\nmail).\r\n3) The entire email (including attachments) should not exceed 1MB in size, and attachments\r\nshould be provided with related links as much as possible to save delivery efficiency. If\r\nattachments must be sent with the email, please provide them in ODF or PDF format.\r\n5. These Guidelines shall be implemented after being approved at the Information Technology\r\nService Center Supervisory Meeting, and the same shall apply for any subsequent amendment.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161183270990254080&type=s","pdffileurl":"","odffileurl":"","expFile":"National Yang Ming Chiao-Tung University, Information Technology Services Center’s Campus-wide Announcement Emails Delivery Service Guidelines"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Regulations Governing Information System Security","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2022-09-14","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University Regulations Governing Information System Security\r\nApproved at the fifth Administrative Meeting for the 2020¬–2021 academic year on June 2, 2021.\r\nApproved at the first meeting for the Information Security and Personal Data Protection Promotion Committee for the 2021–2022 academic year on June 20, 2022.\r\nAmended at the first Administrative Meeting for the 2021–2022 academic year on September 14, 2022.\r\n\r\n1.\tThe National Yang Ming Chiao Tung University Regulations Governing Information System Security (hereinafter referred to as “the Regulations”) were established by National Yang Ming Chiao Tung University (hereinafter referred to as “the University”) to maintain the confidentiality, integrity, and availability of the University’s information systems and to prevent malicious intrusions.\r\n2.\tDivisions that intend to operate self-developed public information systems shall submit system development security documents and vulnerability scan reports related to their systems to the IT Service Center (hereinafter referred to as “the Center”). Systems approved by the Center and deemed not to be of high or medium risk can be officially launched. For each system that does not meet the criteria, the Center shall provide a vulnerability verification report to the system management unit and notify the unit of improvements that need to be made before the deadline.\r\n3.\tDivisions that intend to outsource the development of their public information systems should require the outsource party to deploy sufficient and properly qualified and trained cyber security professionals who hold cyber security professional licenses or have similar business experience, in accordance with Article 4 of the Enforcement Rules of Cyber Security Management Act\r\n4.\tDivisions that intend to outsource the development of their public information systems should evaluate potential risks prior to commissioning contractors for the development of information systems. Additionally, each division should sign off on the appropriate information security protocols with each contractor to ensure that the contractor complies with the relevant information security regulations of the University and assumes full responsibility for such compliance. Please see the additional clauses to the contractual responsibility of contractors related to information security (Appendix 1).\r\n5.\tDuring the contracted period, the system authority of the contractor should be adequately monitored and revoked immediately upon completion of the contract period.\r\n6.\tEach division should implement regular reviews of their self-developed or commissioned information system based on the principles of classification and the defense standards stated in the Regulations on Classification of Cyber Security Responsibility Levels.\r\n7.\tThe main information system of each division must be protected by a firewall or other information security infrastructure to monitor data transmission and access in external and internal networks and to prevent intrusion and destruction, tampering, deletion, and unauthorized access within the system. In addition, the applicability of the control policies for the firewall should be regularly reviewed.\r\n8.\tThe Regulations shall be implemented after approval by the Administrative Meeting. The same rule shall apply to all subsequent amendments. \r\nAppendix 1: Additional clauses to the contractual responsibility of contractors related to information security\r\nArticle 1:\r\nContractors granted access to the websites, information services, and system maintenance (hereinafter referred to as “IT services”) of National Yang Ming Chiao Tung University (hereinafter referred to as “the University”) must comply with the information security regulations of both the University and its competent authorities.\r\nArticle 2　Information security requirements of contractors:\r\n(1) Contractors should provide the University with a vulnerability scan report and system development security documents for review before handing over IT services. The IT Service Center of the University (hereinafter referred to as “the Center”) retains the right to randomly perform vulnerability scans, the criterion for which no high or medium risk should be detected. Contractors are recommended to use credible software for vulnerability scanning, such as Nessus, OWASP-ZAP, OpenVAS, or Acunetix.\r\n(2) Contactors should attach documents related to information security when handing over IT services. These documents should include a vulnerability scan report and system development security documents. The system development security documents should include contents related to the information security control functions of the IT system, including password hashing, account management, access control measures, separate frameworks for websites and databases, risk analyses and countermeasures, code security assessment, system backups, and restoration plans.\r\n(3) Contractors shall be held fully responsible for the information security of the software and all digital documents (e.g., those stored on USB drives or hard disks) handed over to the University. Therefore, contractors should inspect for malicious entities (e.g., worm viruses, Trojan viruses, spyware) and covert channels before handing over software or digital documents to the University. For the handing over of IT services, contractors must clear all testing-related data before uploading the services to the relevant official online environment.\r\n(4) Contractors shall comply with the Cyber Security Management Act of Republic of China and the requirements specified in the Regulations and make improvements in any areas where the regulations have not been met before the deadline. Failure to make such improvements shall result in an official notification from the University stating that the IT service in question shall be blocked or taken down. Violations to the requirements shall be handled according to the disciplinary measures specified in the contract.\r\n(5) During the maintenance period, contractors must comply with the requirement of conducting annual vulnerability scan tests to ensure that the IT system is not at high or medium risk of violation. In addition, website services must be protected through data encryption and pass the test of the Center before registration under the domain of the University.\r\n(6) All IT services handed to the University shall be subjected to regular auditing, vulnerability scanning, and penetration testing throughout the quality assurance and service period. If any anomalies are detected, the Center may take information security countermeasures, including auditing, vulnerability scanning, and penetration testing. The costs incurred from any such countermeasures shall be paid in full by the contractor.\r\n(7) If a contractor is required to perform maintenance or management of the host computer from an external source, the contractor must first submit an application to the Center. After evaluation and approval of said application by the competent authority, the contractor shall be granted access.\r\n(8) After a contract has been closed or terminated, all information related to the University held by the contractor during the service period shall be deleted or disposed. In addition, contractor shall sign the Personal Data Return and Destruction Affidavit Letter, and records of all such instances of deletion or disposal shall be retained.\r\n(9) All IT services provided by contractors (e.g., software or system development) must implement version management. Additionally, IT services shall provide access management and access record retention functions in accordance with the regulations related to information security.\r\n(10) Contractors shall retain records pertaining to the handling of anomalies for the Center to review if necessary.\r\n(11) If any changes occur among the personnel responsible for system development, contractors shall actively contact the University and return any borrowed equipment, software, or operational authority to the University.\r\nArticle 3　Information security responsibility of contractors:\r\n(1) All contractors who engage in or handle IT services shall sign a non-disclosure agreement or affidavit and uphold their responsibility to maintain confidentiality.\r\n(2) All contractors must comply with the Personal Data Protection Act of Republic of China and the University’s regulations related to personal data protection to ensure the security of the University’s data and personal privacy data (e.g., data related to any person’s name, date of birth, ID Card number, features, fingerprints, marital status, family information, educational background, occupation, health conditions, medical records, financial status, community activities, phone number, or residency). If the University suffers damage or loss as a result of operational negligence on the part of an employee of the contractor, the contractor shall be held responsible for the damage or loss incurred (including any data leaked from websites managed by the contractor).\r\n(3) Regarding the occurrence of information security events during the service period of a contractor, the contractor must immediately notify the Center or the relevant competent authority, propose emergency countermeasures, and comply with the subsequent handling procedure(s).\r\n(4) If any of the IT services delivered to the University by the contractor involves the use of systems or resources that are not developed by the contractor itself, it shall be marked as not self-developed content and provide the source and its proof of authorization. In case of infringement the legal rights (e.g., intellectual property rights) of a third party, the contractor shall be responsible for handling and bear all legal responsibilities.\r\nArticle 4　Other precautions:\r\n(1) If a contractor turns over any IT services or products to a subcontractor or subcontractors for support, the contract must specify the authority–responsibility relationship between the contractor and the subcontractor (as detailed in the contract wording or specified in the contract appendices) to assure the overall deliverable level of service quality of the contractor is achieved. Subcontractors must also comply with the Regulations.\r\n(2) If contractors must bring laptops or portable data storage media (e.g., floppy disks, CD-ROMs, USB drives, external hard drives) to use in the Center’s Computer Center, they must first receive the approval of the accompanying personnel responsible, and any employees of the contractor must be registered on the visitor list of the Computer Center. The visitor list of the Computer Center shall be regularly reviewed by the relevant competent authority.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161183432391266304&type=s","pdffileurl":"","odffileurl":"","expFile":"National Yang Ming Chiao Tung University Regulations Governing Information System Security"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Guidelines on Computers and Internet Communication Usage Fees for Students","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2022-07-20","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University\r\nGuidelines on Computers and Internet Communication Usage Fees for Students\r\n\r\nApproved by the 1st interim administrative meeting of the 2021 Academic Year (July 20, 2022)\r\n\r\nArticle 1\tThe Guidelines for Charging Students for Using Computers and the Internet (hereafter the Guidelines) were formulated in accordance with Announcement No. 0970167294C from the Ministry of Education.\r\nArticle 2\tThe Guidelines were formulated by the NYCU Information Technology Service Center (hereafter the Center) to provide a high-quality, stable Internet usage environment and to promote respect for intellectual property rights and the use of legal software through the user pays principle.\r\nArticle 3\tComputer and Internet communication usage fees are used to support and pay for the network-related expenses of NYCU, software licensing fees, school administration systems, and information technology research and instruction, other uses must be approved by the President.\r\nArticle 4\tPayment methods:\r\n(1)\tAll NYCU students, including those in a Master’s program or an Industrial Master’s program, shall be charged NT$1,000 each for each semester of use. The fee shall be paid with the student’s registration fee. However, those who fulfill the following conditions are exempt from this requirement:\r\n1. Off-campus interns: No fees shall be applied for students in full-time off-campus internships.\r\n2. Students with special needs: No fees shall be applied for students with low household incomes, indigenous students, students with severe physical or mental disabilities, and the children of such students.\r\n(2)\tExchange students who are abroad and do not need to use software authorized by the university may apply for exemption from paying the fees.\r\nArticle 5\tThe income and expenditure specified in the Guidelines shall be managed as a special fund under the category of “Computer and Internet Communication Usage Fees.”\r\nArticle 6\tThe Guidelines and revisions thereof shall come into effect after receiving approval from the Administrative Meeting.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161183557318610944&type=s","pdffileurl":"","odffileurl":"","expFile":"National Yang Ming Chiao Tung University Guidelines on Computers and Internet Communication Usage Fees for Students"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Domain Management Guidelines","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2022-05-02","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University Domain Management Guidelines\r\nApproved at the Information Technology Service Center Supervisory Meeting of National Yang Ming Chiao Tung University, held on April 9, 2022.\r\nAmended at the Information Technology Service Center Supervisory Meeting of National Yang Ming Chiao Tung University, held on May 2, 2022.\r\n\r\n1. Purpose: To serve as the basis for the Information Technology Service Center (hereinafter referred to as “the Center”) measures for the operation and institutionalized management of the domain services of National Yang Ming Chiao Tung University (NYCU). \r\n2.  The scope of domain name application:\r\n(1) Domain name classification:\r\n1. First-tier domains\r\n(1) Eligibility:\r\nA.\tPrimary units including administrative units, colleges, departments, graduate institutes, and divisions.\r\nB.\tInterdisciplinary or interuniversity research centers.\r\nC.\tResearch centers and committees approved by the University Council Meeting.\r\nD.\tUnits that have been approved by the University Council or the Secretariat office to represent NYCU in external affairs.\r\n (2) Domain name format: ◯◯◯.nycu.edu.tw\r\n\r\n2. Second-tier domains\r\n(1) Eligibility: Student or faculty clubs, laboratories affiliated with faculty members, conferences, short-term activities, and secondary units affiliated with primary administrative units.\r\n(2) Domain name format:\r\nClub\t◯◯◯.club.nycu.edu.tw\r\nLaboratory\t◯◯◯.lab.nycu.edu.tw\r\nConference\t◯◯◯.conf.nycu.edu.tw\r\nShort-term activities\t◯◯◯.act.nycu.edu.tw\r\nOther affiliated units\t◯◯◯.◯◯◯.nycu.edu.tw\r\n       (Primary units)\r\n(3) The relevant activities of the laboratory or unit belonging to the department can also be applied under the domain of the original unit, for example, a laboratory of the Department of Computer Science can apply for the domain name ◯◯◯.cs.nycu.edu.tw or ◯◯◯.lab.nycu.edu.tw.\r\n\r\n(2) For the naming of domains and other types of records, the name must not contain information that is controversial, indecent, inappropriate, or suggestive of the aforementioned types of information.\r\n\r\n(3) A unit, conference, or event can only be assigned one name, which can be a domain name or subdomain name; the relevant unit can apply for a change if necessary.\r\n(4) Domain name conflict handling principle: Conflicts are handled on the basis of the “first come, first served” principle. In the case of a dispute, the Center shall mediate and adjudicate.\r\n\r\n3. Subdomain management authorization:\r\n(1) Eligibility: Units with information service personnel who are able to perform control and management of subdomains independently.\r\n(2) Authorization classification and responsibilities:\r\n1. Self-management of servers provided by the Center.\r\n(1) Subdomain name: Please apply for a domain name according to Provision 2 of these Guidelines.\r\n(2) The administrator must be a currently employed faculty member who can log into the management interface to perform management operations. The Center cannot retrieve any records that have been erased by mistake.\r\n(3) The administrator should accept the Center’s education and training in and assessment of operational management capabilities.\r\n(4) The administrator should fulfill the management responsibilities and proactively notify the Center to change the administrator account in the case of administrator alteration.\r\n2. Self-established DNS\r\n(1) The unit should be equipped with two or more DNS servers for configuration. The DNS servers should support DNSSEC, and EDNS support is recommended. The administrator should fulfill system management responsibilities, and the Center shall not be responsible for authorized DNS server installation, maintenance, and other related matters.\r\n(2) DNS service information security regulations:\r\nA.\tComply with the Information Security Law of the Executive Yuan and be subject to regular ISO audits and verifications.\r\nB.\tBe subject to the Center’s regular vulnerability scans and other security checks.\r\nC.\tIf a high risk is detected through the vulnerability scan, the administrator shall be notified. If the problem is not corrected within 1 month following the issuance of the notification for improvement, the unit supervisor shall be notified. If the problem is not corrected within 1 month following notification of the unit supervisor, the authorized domain shall be withdrawn.\r\n4. Service application:\r\n(1) Application method: Please go to the DNS service application system (https://dnsreg.nycu.edu.tw/) and provide the relevant information to facilitate the completion of the online application process.\r\n(2) One contact person must be assigned for each domain name and must be approved by the unit director or advising professor.\r\n(3) Application for modification:\r\n1. An application for modification should be submitted by the applicant.\r\n2. Please submit the modification application using the DNS Service Application System at https://dnsreg.nycu.edu.tw/.\r\n\r\n5. These Guidelines shall be implemented after being approved at the Information Technology Service Center Supervisory Meeting, and the same shall apply for any subsequent amendment.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161182886506795008&type=s","pdffileurl":"","odffileurl":"","expFile":"National Yang Ming Chiao Tung University Domain Management Guidelines"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Guidelines for Computer Classroom Management in the Information Technology Service Center","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2022-01-07","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University\r\nGuidelines for Computer Classroom Management in the Information Technology Service Center\r\nApproved at the 7th Administrative Meeting of the 2021 Academic Year (April 27, 2022)\r\n\r\n\r\nArticle 1\tThe NYCU Information Technology Service Center (hereafter the Center) established the Guidelines for Computer Classroom Management in the Information Technology Service Center (hereafter the Guidelines) to maximize the benefits of its software and hardware equipment and thereby provide NYCU students with a satisfactory information-related learning environment and tools.\r\nArticle 2\tFor venue information: Refer to the computer classroom service description on our website.\r\nArticle 3\tRegulations for reserving the classroom:\r\n(1)\tApplicants: NYCU faculty and students, participants or organizers in computer-related on-campus courses and activities, participants or organizers in computer-related courses offered by off-campus partners.\r\n(2)\tVenue fees:\r\n\r\nApplicants\tFee plan\tOther Classrooms\tComputer Classroom 4\tClassroom 401, Library, Information and Research Building\tNotes\r\nOn-Campus Individuals or Organizations\tHourly\t1000\t1500\t2000\tNo charge is applied for reserving the classrooms for information-related courses listed on the Academic Affairs Office class schedule or for free administrative business courses promoted by NYCU administration.\r\nAll other courses and activities must pay a fee in accordance with the specifications listed on the left.\r\n\tAvailable plans\tHalf day/ Nighttime\t3000\t4500\t6000\t\r\n\t\tFull day\t6000\t9000\t12000\t\r\n\t\tFull day + Nighttime\t8000\t12000\t16000\t\r\nOff-Campus Individuals or Organizations\tHourly\t2000\t3000\t4000\tAll off-campus individuals and organizations must pay a fee in accordance with the specifications listed on the left.\r\n\tAvailable plans\tHalf day/ Nighttime\t6000\t9000\t12000\t\r\n\t\tFull day\t12000\t18000\t24000\t\r\n\t\tFull day + Nighttime\t16000\t24000\t32000\t\r\n\r\nArticle 4\tHours of operation\r\nThe same as the hours of operation of the Center (applications for use during the holidays are accepted on a case-by-case basis).\r\nArticle 5\tReservation prioritization:\r\n(1)\tInformation-related courses listed on the Office of Academic Affairs class schedule.\r\n(2)\tInformation-related courses hosted by on-campus organizations.\r\n(3)\tInformation-related courses hosted by off-campus organizations.\r\nShould time conflict or other schedule coordination problems related to reserving the classroom occur, the Center reserves the right to make a final decision on the matter.\r\nArticle 6\tReservation application procedures\r\n(1)\tDownload the Classroom Reservation Application Form from the Center’s website. Fill in all fields in detail. Submit the application 7 days prior to the intended reservation date if any special equipment or software is required.\r\n(2)\tSubmit the completed application form to the front desk of the Center for processing:\r\n1. Yangming Campus: Classroom 509, Library, Information and Research Building\r\n2. Chiaotung Campus: 1F, Information Center\r\n(3)\tPayment instructions:\r\n1. No fee is required for information-related courses listed on the Office of Academic Affairs class schedule and for free administrative business courses promoted by NYCU administration for reserving the classroom.\r\n2. For other information-related courses or activities, after the fee is calculated by the Center, payments can be submitted to the Cashier Division of the Office of General Affairs and the application form and receipt should be submitted to the front desk of the Center.\r\n3. Failing to complete a payment within 3 days of the intended reservation date will result in the cancellation of the applicant’s reservation.\r\nArticle 7\tRefund procedures:\r\n(1)\tA full refund will be granted for cancellations prior to the date of reservation. However, if software installation has been entrusted to the Center in advance, a 20% maintenance fee will be deducted from the refunded amount. No refund will be granted for cancellations on the date of reservation.\r\n(2)\tTo obtain a refund, the applicant should bring the original copies of their receipt and account information to the front desk of the Center.\r\nArticle 8\tComputer classroom use regulations\r\nIndividuals and organizations reserving the computer classroom must abide by the following regulations:\r\n(1)\tTo ensure the classroom remains quiet and clean, foods, drinks, smoking, loud noises, and leaving garbage behind are forbidden in the classroom.\r\n(2)\tDeliberate damage to or theft of machinery and equipment is forbidden.\r\n(3)\tInappropriate use of the computers, such as for gaming or watching pornography, is forbidden.\r\n(4)\tAccessing, using, or copying illegal software or sound or video files that violate copyrights is forbidden.\r\n(5)\tThe front desk should be notified of any problems encountered when using the computer facilities of the Center. Computer devices and peripherals should not be moved or dismantled without authorization. Individuals who cause loss of or damage to equipment due to misuse are subject to liability.\r\n(6)\tTo protect intellectual property rights, downloading or installing unauthorized software on the classroom computers is strictly forbidden.\r\n(7)\tInstalling software is forbidden without the permission of the Center.\r\n(8)\tAfter the classroom reservation period is finished, the classroom should be restored to its original state.\r\n(9)\tUsers of the classroom should safeguard their personal belongings. The Center is not responsible for safeguarding them.\r\nArticle 9\tThe Regulations and revisions thereof shall come into effect after receiving approval from the Administrative Meeting.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161187196804272128&type=s","pdffileurl":"","odffileurl":"","expFile":"NYCU Guidelines for Computer Classroom Management in the Information Technology Service Center"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Campus Wireless Network Service Management Guidelines","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2022-01-07","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University Campus Wireless Network Service Management Guidelines\r\n\r\nApproved at the Information Technology Service Center Supervisory Meeting of National Yang Ming Chiao Tung University, held on January 7, 2022.\r\n\r\n\r\n1.\tPurpose\r\n    In response to the popularization of wireless network devices and the demand for diversified online teaching, National Yang Ming Chiao Tung University (hereinafter referred to as “the University”) has established this guideline to promote the institutionalization of campus wireless network service management, to assist all teachers and students in conducting teaching and academic-related research using network mobility services, and to achieve the effective use of resources. \r\n\r\n2.\tPrinciples of wireless network establishment\r\n(1)\tTo avoid the mutual interference of wireless network signals that affects the quality of use, the University uses a wireless central controller to manage the campus wireless network service. If any equipment affecting the operation of the service is identified, the University may take improvement measures to ensure the usage quality of the campus wireless network. \r\n(2)\t The University only installs and maintains the campus wireless network in some public areas, including the large international conference halls, student dining halls, campus outdoor public hotspots, and classroom areas. \r\n(3)\t Hotspot areas and public spaces of each unit may apply for wireless network services to be established if the following conditions are met:\r\n\r\n\tUnit\tUse of space\tRemarks\r\n1.\t\tTeaching unit\tMeeting room (open to the public)\tMust have more than 20 seats\r\n2.\t\tTeaching unit\tCommon research room/reading room of the department\tMust have more than 30 seats\r\n3.\t\tTeaching unit\tHotspot (indoor public rest space)\tMust have more than 30 seats\r\n4.\t\tAdministrative unit\tUsed for service purposes\tThe peak number of users must be 20 users per day\r\n5.\t\tAdministrative unit\tMeeting room\tMust have more than 20 seats\r\n6.\t\tStudent dormitory\tStudy room\tMust have more than 30 seats\r\n7.\t\tStudent dormitory\tHotspot (indoor public rest space)\tMust have more than 30 seats\r\n    If the requesting unit does not meet the scope described in the list when applying for the campus wireless network service, the University shall provide a wireless access point license and technical assistance, and the remaining installation and maintenance costs (such as the wireless access point, PoE switch, and wiring installation) shall be paid by the requesting unit.\r\n(Note: The wireless access point model purchased by the requesting unit must be compatible with the University’s wireless network controller).\r\n\r\n(4)\tThe Information Center shall mark relevant areas with the logo “National Yang Ming Chiao Tung University Wireless Network Service Area” to indicate that the Information Center is responsible for maintaining the quality of the service. \r\n \r\n(5)\t The University has the right to dynamically change the campus wireless network service area according to the demand for the wireless network service.\r\n\r\n3.\tApplication and management principles of wireless access point authorization\r\n(1)\tEligibility: Units not included in the scope of services described in Provision 2 of this guideline that intend to be included in campus wireless network control for the purpose of teaching and research.\r\n(2)\tApplication process: The requesting unit must complete the “Information Service Application Form” according to the actual scope of use, including information on space location, usage, and purpose, and submit the application to the Information Technology Service Center after the department/college supervisor has approved the application.\r\n(3)\tManagement principle: If the authorized wireless access point is not used within 6 months after verification by the monitoring system, the authorization for the wireless access point shall be withdrawn, and a new application must be submitted when the need arises.\r\n(4)\tThe requesting unit can purchase a wireless access point license that conforms to the University’s wireless network controller and request the University assist in its maintenance and management.\r\n\r\n4.\tWireless network service targets and usage instructions\r\n    The University offers the following four authentication methods (for details, please refer to the instruction on the Information Technology Services Center website):\r\n\r\n(1)\tNYCU: Students, faculty members, and staff can use their personnel ID or student number for personal authentication for the campus wireless network service. Users are required to keep their account IDs and passwords secure to avoid unauthorized use by others.\r\n(2)\tNYCU-Seminar: To apply for a shared account for the campus wireless network service for academic seminars and activities, host or co-host organizers must complete the “Information Service Application Form” and submit the application with the approval of the department/college supervisor.\r\n(3)\tNYCU-Guest: Temporary accounts are available for off-campus visitors, with access granted through SMS. For information security and convenience reasons, the University only provides web browsing service for visitors.\r\n(4)\teduroam: Staff, students, and alumni of the University can use their personnel ID or student number for authentication. Because the interuniversity roaming service has an access service for the connection unit of the roaming centers of other universities, for information security reasons, only web browsing service is provided. \r\n\r\n5.\tWireless network maintenance and abnormal usage response guidelines\r\n(1)\tIf a user experiences usage problems within the wireless network service scope, as detailed in Provision 2 of these Guidelines, the user can report the problem to the University’s Information Center, and the Information Center shall provide subsequent assistance to resolve the problem.\r\n(2)\tIf a wireless network service area is to be established in any university building, the following requirements must be met:\r\n1.\tThe SSID setting must be different from the campus wireless network SSID (e.g., NYCU, NYCU-Seminar, NYCU-Guest, and eduroam).\r\n2.\tIf the private wireless access point has affected the use quality of the campus wireless access point in the building, the University or the unit’s network administrator has the right to request the relevant user to make improvements or to remove the private wireless access point entirely. \r\n3.\tIf the private wireless access point is involved in an information security incident, the user must adhere to the University’s processing and investigation process. If the situation cannot be resolved, the University also has the right to request the relevant user to remove the private wireless access point.\r\n(3)\tIf abnormal usage occurs in the environment of a private wireless access point, the user must contact the network administrator of the unit first to solve the problem by themselves. If the network administrator of the unit cannot solve the problem, the unit can report to the Information Center of the University for assistance.\r\n\r\n6.\tUse of the campus wireless network must comply with “National Yang Ming Chiao Tung University Campus Network Use Regulations.”\r\n7.\tThese guidelines shall be implemented after they have been approved at the Information Technology Service Center Supervisory Meeting and sent to the President for approval, and the same shall apply for any subsequent amendment.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161184118264827904&type=s","pdffileurl":"","odffileurl":"","expFile":"National Yang Ming Chiao Tung University Campus Wireless Network Service Management Guidelines"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Enforcement Rules of Personal Data Protection","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2021-09-28","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University Enforcement Rules of Personal Data Protection\r\nPassed on September 28, 2021, at the 1st meeting of the Information Security and Personal Data Protection Committee for the 2021–2022 academic year\r\n1.\tTo regulate the collection, processing, and use of personal data; promote the reasonable use of personal data; and prevent the theft, tampering, damage, loss, and leakage of personal data, National Yang Ming Chiao Tung University (NYCU) hereby establishes the National Yang Ming Chiao Tung University Enforcement Rules of Personal Data Protection. The enforcement rules were formulated in accordance with NYCU’s Regulations Governing Information Security and Personal Information Protection.\r\n2.\tTerminology definitions:\r\nA.\tPersonal data: Information such as the person’s name, date of birth, ID Card number, passport number, features, fingerprints, marital status, family information, education background, occupation, medical records, healthcare data, genetic data, sex life information, health examination results, criminal records, contact information, financial conditions, and social activities that can be used to directly or indirectly identify the individual.\r\nB.\tPersonal data files: Person data file are files stored in paper or electronic format. Electronic personal data files include files and information system database files stored in personal computers.\r\n3.\tAll units shall assign staff members to serve as personal data protection staff, who are responsible for managing and compiling the personal data files of the unit. These files may be subject to subsequent audits.\r\n4.\tPersonal data file content that is inspected:\r\nA.\tAt least once a year, all units shall perform personal data inspections, personal data updates, and risk assessments by using the personal data inspection checklist provided by the IT Service Center.\r\nB.\tPersonal data file inspections are conducted to identify high-risk personal data. Such data may include:\r\n(1) Special personal data as defined in the Personal Data Protection Act\r\n(2) Personal financial information\r\n(3) ID Card number\r\n(4) Information that reveals an individual’s vulnerable status\r\n(5) Detailed descriptions of personal characteristics\r\n(6) Information that negatively affects an individual\r\nC.\tPersonal data file inspections include inspections of items such as data usage and data flow.\r\nD.\tPersonal data file risk assessments evaluate the importance of reference materials and examine and assess the security risks of current data and the risks of such data being used in acts that violate the law.\r\n5.\tDuring the collection, processing, or use of personal data, appropriate notification methods shall be applied unless otherwise stipulated by the law. When personal data are used for purposes other than that for which they were obtained, a check shall be conducted to determine whether the written consent of the parties involved for such use has been obtained, whether such use improves public welfare, or whether such use benefits the rights and interests of the parties involved. The following is a list of the types of information that shall be conveyed to the parties involved:\r\nA.\tNames of schools or institutions\r\nB.\tPurpose of information collection\r\nC.\tPersonal data type\r\nD.\tThe time, locations, targets, and methods pertaining to the use of personal data\r\nE.\tThe parties involved are exercising their rights to collect, process, or use personal data in accordance with Article 3 of the Personal Data Protection Act.\r\nF.\tThe possible infringement of the parties’ rights and interests if they choose not to provide personal data.\r\n6.\tThe personal data (e.g., medical records, healthcare data, genetic data, sex life information, health examination results, and criminal records) of an individual that can be used to directly or indirectly identify the individual shall not be collected and processed unless the consent of the individual has been obtained or the law stipulates otherwise. If the personal data of an individual are used for academic purposes, the data shall be properly handled such that they cannot be used to identify the individual.\r\n7.\tUnits that use information systems or cloud information services (e.g., questionnaire survey services that use Google Forms and Microsoft Forms) for administrative purposes that involve the collection of personal data shall pay attention to the following:\r\nA.\tData collection minimization: Only appropriate, relevant, and necessary personal data that meet the established objectives for data collection can be collected. During the processing and use of such data, they may not be used outside the scope of the established objectives, and data processing and use shall correspond to the objectives of data collection.\r\nB.\tAccess control: Attention shall be paid to file access authorization settings, and the principle of least privilege shall be adopted. That is, a user is only granted the authorizations necessary for completing their assigned tasks and completing objectives.\r\nC.\tA user who uses cloud information services shall read the setting content carefully and refrain from jointly editing personal data files with another individual. Additionally, a user shall refrain from granting to another individual the authorization to view the responses of other individuals (e.g., they shall not check the “Show summary charts and responses of others” box) to prevent other users from accessing user data, thereby causing a personal data leakage. Prior to the release of any information services, relevant settings shall be checked, operational tests shall be performed.\r\nD.\tTransmission confidentiality: Internet transmission shall be encrypted using HTTPS and TLS version 1.2 or newer.\r\nE.\tData storage security: During the collection of personal data or other sensitive personal data as defined in Article 6 of the Personal Data Protection Act, such data shall be stored in an encrypted form.\r\nF.\tTo avoid personal data leakage, a personal data storage period shall be set and collected personal data shall be deleted or destroyed at the end of the storage period or when the related operations have been completed.\r\n8.\tAll units shall assign specific staff members to manage and maintain the personal data stored in shared computers or automated equipment.\r\n9.\tFor non-routine operations or cross-unit data circulations that are being performed for the first time, a unit shall fill out the Data Usage Application form.\r\n10.\tFor the saving, transmission, and backing up of personal data that require encryption, appropriate encryption mechanisms should be adopted during the collection, processing, or use of such data. For information that is intended for the parties involved, care shall be taken to ensure that the files containing such information do not contain the personal data of any uninvolved parties and that the information is provided to the correct data recipients. Hence, provision of information to unrelated individuals can be avoided.\r\n11.\tIf a written document or website announcement made by a unit contains the ID Card number of an individuals, the last 4 digits of the number must be concealed.\r\n12.\tPersonnel who process personal data shall use the email system provided by NYCU to transmit and encrypt these personal data files. They are prohibited from transmitting or disclosing personal data files through tools other than those provided by NYCU (e.g., instant messaging software, external web-based electronic devices [e.g., Webmail], peer-to-peer [i.e., P2P] software, Tunnel-related tools, cloud storage tools [e.g., Dropbox], social networking sites, blogs, public forums, and other Internet forms).\r\n13.\tA user shall destroy the personal data stored in media such as paper, floppy disks, magnetic tapes, CD-ROMs, microfilms, and integrated circuit chips when the media are disposed of or used for other purposes. The user shall also fill out the Personal Data Destruction Record or Personal Data Transfer Termination Record.\r\n14.\tDuring the collection, processing, and use of personal data, a trustor shall specify in a procurement contract the monitoring, information-security clauses, confidentiality, and disposal clauses that pertain to breach of contract. Additionally, a trustor shall manage the authority of outsourced and external personnel to access information and introduce personal data management processes. After a period of entrustment, a trustor shall return the accessed personal data to NYCU and sign the Affidavit for the Return and Destruction of Personal Data.\r\n15.\tAppropriate monitoring measures shall be taken during the collection, processing, and use of the personal data provided by a trustee:\r\nA.\tThe scope, type, objective, and duration of collecting, processing, or using a trustee’s personal data shall be determined.\r\nB.\tAppropriate security and maintenance measures shall be taken by a trustee.\r\nC.\tWhen a trustee is appointed for a re-entrustment, the appointed trustee shall be identified.\r\nD.\tWhen the Personal Data Protection Act or contractual terms have been violated or breached, a trustee shall take remedial measures to resolve the issues disclosed by a trustor.\r\nE.\tIssues not disclosed by a trustor to a trustee.\r\nF.\tWhen an entrustment relationship is terminated or rescinded, a trustee shall return the personal data of a trustor and delete the personal data that were stored.\r\n16.\tTechnical management measures:\r\nA.\tAuthentication mechanisms (e.g., account names and passwords) should be applied to computers, related equipment, and systems. A password should contain both uppercase and lowercase English letters and numbers and at least 8 digits. A password must be changed regularly, and the effectiveness of the authentication mechanisms must also be tested regularly.\r\nB.\tAntivirus software must be installed on computers, and virus patterns must be updated in real time.\r\nC.\tA computer operating system shall be maintained and updated, and the necessity of updating application software shall be evaluated.\r\nD.\tScreensaver and password lock prompts shall display within 15 minutes when a computer is idle.\r\nE.\tNo file sharing software shall be installed on computers that control user access.\r\nF.\tThe usage status and personal data access status of information systems that process personal data shall be checked regularly.\r\nG.\tA unit shall implement the necessary access controls on the basis of its work content, work environments, the personal data type and quantity that are involved, and it shall manage personal data storage media in appropriate locations and by applying the appropriate methods.\r\n17.\tThe following records should be maintained to allow for an inspection of personal data protection to be conducted:\r\nA.\tPersonal data delivery and transmission records.\r\nB.\tPersonal data accuracy records and revised records.\r\nC.\tRecords of parties exercising their rights.\r\nD.\tRecords of changes to the authority of affiliated personnel (i.e., adding, changing, or removing their authority).\r\nE.\tRecords of personal data deletions, destructions, and transfers.\r\nF.\tRecords detailing the prevention, reporting, and processing of personal data protection incidents.\r\nG.\tRecords of backups and restoration tests.\r\n18.\tAll units shall follow internal audit schedules and fill out the personal data management internal audit checklist.\r\n19.\tThe staff of all units shall complete the relevant education and meet the training hour requirements imposed by the competent authority.\r\n20.\tThese enforcement rules are in effect after they are passed at the meeting of the Information Security and Personal Data Protection Committee; the same shall apply to any amendments hereto.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161184610596425728&type=s","pdffileurl":"","odffileurl":"","expFile":"National Yang Ming Chiao Tung University Enforcement Rules of Personal Data Protection"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Operating Procedure for Suspected Infringement of Intellectual Property Rights on Campus","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2021-07-30","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University Operating Procedure for Suspected Infringement of Intellectual Property Rights on Campus\r\nApproved in the management meeting of the NYCU Information Technology Service Center on July 30, 2021\r\nArticle 1 Objective\r\nIn the current era of information and communication technology advancement, computers, the Internet, and technology have brought convenience to people’s daily lives. Most people use digital methods to input, collect, process, store, and use data. The ubiquity of digital data has made computers and the Internet both the target and tools of criminal activity. To protect the works and research of NYCU from being stolen, suspected infringements must be urgently addressed. The NYCU Information Technology Service Center (hereafter referred to as “the Center”) herein stipulates the procedure for dealing with such incidents to ensure the protection and management of the intellectual property rights of NYCU.\r\nArticle 2 Principles of fair use of online intellectual property rights\r\nThe use of computers and the Internet is governed under the regulations of Copyright Act. All information, including texts, pictures, animations, audio materials, videos, and computer programs, transmitted online are protected under the Copyright Act. Therefore, Internet users must be aware of the regulations of the Copyright Act. The actions of accessing and using information online through browsing websites is justifiable. However, Internet users must note that behaviors, including uploading, downloading, reposting, forwarding, pasting, editing, transmitting, printing, modifying, and scanning, are strictly regulated under the Copyright Act.\r\nWhen online operators or managers intend to upload publicly accessible information, they must pay attention to whether the sharing of the work is authorized by the copyright owner. Because uploading involves storing information on a hard disk drive of an online server, this act involves the reproduction of the information, thereby constituting the possible infringement of copyright.  \r\nArticle 3 Scope\r\nThe present procedure applies to all the faculty and students of NYCU. The scope includes administrative units, academic units, dormitory networks, research centers, the Center for Industry–Academia Collaboration, and NYCU FTTB. \r\nArticle 4 Project work\r\n1.\tSessions for promoting intellectual property rights (twice per year)\r\nLawyers or legal scholars are invited to promote relevant laws. The foci of such promotion sessions are topics related to the “use of online intellectual property rights” and “infringement behavior and legal responsibility in the use of P2P software.” The target audience is the faculty and students of NYCU.\r\n2.\tIntellectual property rights quizzes with prizes (annually) \r\nOnline quizzes with prizes are established to enhance students’ understanding of intellectual property rights. The quiz items include topics related to the Copyright Act, Patent Act, Trademark Act, and Trade Secrets Act. The items shall relate to daily scenarios. The target audience is the faculty and students of NYCU.\r\nArticle 5 Procedure for handling the suspected infringement of intellectual property rights on campus\r\n1.\tThe Center receives reports of suspected cases of the infringement of intellectual property rights. The report sources include the Ministry of Education TANet suspected infringement of intellectual property rights reporting website, letters from the police, reports from the Department of Information and Technology Education, and reports from other units outside NYCU.  \r\n2.\tThe Center identifies the unit associated with the given internet protocol (IP) address (including administrative units, academic units, dormitory networks, research centers, the Center for Industry–Academia Collaboration, and NYCU FTTB).  \r\n3.\tThe Center reports the suspected infringement to the primary supervisors and information security managers of the Center.\r\n4.\tThe Center submits a report to the primary supervisors or network engineers of the relevant unit.\r\n5.\tThe Center composes and submits an official letter to the relevant unit for collaborative processes.\r\n6.\tThe relevant unit identifies the IP user and the host location and reports the case to the advisor or laboratory director.\r\n7.\tThe IP may be blocked immediately depending on the severity of the case, and the digital evidence is preserved. \r\n8.\tThe Center supports the relevant unit in engaging in internal investigation, evidence collection, evidence preservation, evidence examination, and evidence analysis.\r\n9.\tAfter the investigation process, the IP user must be informed that their behavior infringes on intellectual property rights. If the user admits to violating intellectual property rights, they must complete the Reply Form for Processing the Infringement of Intellectual Property Rights and sign an affidavit of confession of judgment.  \r\n10.\tIf the user denies violating intellectual property rights, the unit network engineer shall record, preserve, and submit the evidence to prosecutors for further processing.\r\n11.\tIf the reported IP address is confirmed to be associated with the infringement of intellectual property rights, the user of the address who violates NYCU Campus Intellectual Property Rights Regulations for the first time and whose infringement is considered to be mild shall have their IP address blocked for 2 weeks. Recurrent infringement shall lead to the blocking of the IP address for 1 month, and the violator shall be punished according to National Yang Ming Chiao Tung University Student Reward and Punishment Guidelines.\r\n12.\tIf any illegal behavior is involved, the Center shall support the relevant unit in preserving and submitting relevant investigation evidence and records to prosecutors for further processing. The court shall summon the user for interrogation. \r\n\r\nArticle 6 Internet use must comply with NYCU Campus Network Use Regulations (approved in the fifth administrative meeting in the academic year of 2020 on June 2, 2021)\r\nInternet users shall respect intellectual property rights and must not engage in any of the following behaviors:\r\n1.\tUsing unauthorized computer software.\r\n2.\tIllegally downloading and replicating works protected under the Copyright Act.\r\n3.\tUploading copyrighted works on publicly accessible websites without the consent of the copyright owner.\r\n4.\tArbitrarily reposting articles from online forums in which the author clearly states that reposting is prohibited. \r\n5.\tUsing websites or P2P tools to make copyrighted works publicly accessible.\r\n6.\tEngaging in other behaviors relating to the infringement of intellectual property rights.\r\n\r\nArticle 7 According to ISO27001 Information Security Management, the Center shall provide security examination record forms for all units of NYCU. In each semester, the Center cooperates with unit-affiliated network engineers to audit information security and intellectual property protection measures without a fixed schedule.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161186632355811328&type=s","pdffileurl":"","odffileurl":"","expFile":"NYCU Operating Procedure for Suspected Infringement of Intellectual Property Rights on Campus"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Campus Network Use Regulations","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2021-06-02","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University Campus Network Use Regulations\r\nApproved at the 5th Administrative Meeting of National Yang Ming Chiao Tung University, held on June 2, 2021.\r\n\r\n1.\tTo ensure the campus network can support teaching, research, administrative, and online learning activities, to promote respect for the rule of law, and to provide a basis for Internet users to follow, National Yang Ming Chiao Tung University (hereafter referred to as “the University”) has established the Campus Network Use Regulations (hereinafter referred to as “the Regulations”) in accordance with the “Campus Network Use Regulations” issued by the Ministry of Education. \r\n2.\tInternet users must avoid the following behaviors, which may constitute the infringement of intellectual property rights:\r\n(1)\tUse of unauthorized computer programs.\r\n(2)\tIllegal downloading and copying of works protected under copyright law. \r\n(3)\tUploading of protected works on a public website without the consent of the copyright owner.\r\n(4)\tArbitrary reproduction of articles that have been expressly prohibited from being reproduced by the author on social media, bulletin boards (BBS), or an online discussion forum. \r\n(5)\tEstablishment of website for the illegal downloading of protected works by the public.\r\n(6)\tPerformance of other actions that may involve the infringement of intellectual property rights.\r\n3.\tThe abuse of the network is prohibited, and the network users are not allowed to engage in the following behaviors:\r\n(1)\tSpreading of computer viruses or other programs that interfere with or disrupt the functionality of the system.\r\n(2)\tUnauthorized interception of network transmission messages. \r\n(3)\tUnauthorized use of network resources through hacking, stealing, or unlawfully accessing other users’ accounts and passwords.\r\n(4)\tLending of your account to someone else for no reason, or disclosure of someone else’s account and password for no reason.\r\n(5)\tHiding of accounts or use of fake accounts. This does not apply to anonymous users who have been given express authorization for such actions.\r\n(6)\tViewing of others’ emails or related computer information.\r\n(7)\tMisuse of network resources in any way, including the mass transmission of advertisements, chain letters, or useless information through e-mail, the flooding of mailboxes, and the plundering of resources, with the purpose of affecting the normal operation of the system. \r\n(8)\tDissemination of fraudulent, defamatory, insulting, obscene, disturbing, or illegal software transaction information or other illegal information through e-mail, online chat, BBS, or similar means. \r\n(9)\tEngagement in nonteaching and non-research-related or illegal activities using campus network resources.\r\n(10)\tDisclosure of official, confidential information.\r\n4.\tTo implement procedures described in these regulations, the division of labor and management of network-related matters are as follows:\r\n(1)\tThe University’s perimeter network and backbone network connecting each unit are managed by the Information Technology Service Center (hereinafter referred to as “the Information Center”). \r\n(2)\tThe internal network of each unit (including teaching, administrative, and non-establishment units) shall be managed by the unit. A management mechanism shall be established for the allocation and use of internal network addresses.\r\n(3)\tEach unit shall assign network management personnel to provide network management services within the unit. The scope of the power and responsibilities of network management personnel is as follows:\r\n1.\tThe IP address of each unit must be applied for by the unit’s network management personnel through completion of the “Information Service Application Form.” Applications for IP addresses must be submitted to the Information Center for review after the applying unit’s network administrator has compiled all of the unit’s completed application forms.\r\n2.\tThe network management personnel of each unit are responsible for the allocation and management of the issued IP addresses, and accurate user information such as the name, unit, location, contact number, and mailbox of the IP users must be logged. Updates of information must be provided in the case of any change. \r\n3.\tIf the network management personnel of a unit change, the “Network Management Personnel Change Notice” form must be completed to notify the Information Center to update network management personnel information. The form must also be given to the network management work unit to facilitate network maintenance.\r\n4.\tFor IP addresses with special purposes (e.g., for a server, NAT router, or experimental test host), an application must be submitted. The “IP Whitelist Application Form” must be completed, and the information must be logged accurately. \r\n5.\tThe responsibility for managing and promoting Internet use and related regulations must be fulfilled.\r\n6.\tPersonnel must attend the network management staff meeting held by the Information Center.\r\n7.\tPersonnel must participate in information security training and pass network management and information security inspections every academic year.\r\n8.\tThe “Information Security and Intellectual Property Rights Management Inspection Record Form” must be completed regularly.\r\n(4)\tThe Information Center has the right to redistribute the IP addresses of each unit according to the actual usage rate of each unit’s IP addresses.\r\n(5)\tTo ensure the proper allocation of network resources, the management unit has the right to appropriately segregate and control network traffic.\r\n(6)\tFor users who consume a large amount of network resources for no reason or who exhibit abnormal network traffic that affects the normal operation of the network, the management unit may activate traffic control measures or suspend the user’s right to Internet use. The network connection shall only be restored after confirmation that the user’s Internet usage behavior has normalized. \r\n(7)\tAll types of application servers (including electronic BBS and websites) shall be managed and maintained by dedicated personnel. The personnel in charge may suspend a user’s right to use a website if the user violates the rules of website use.\r\n(8)\tIf users identify any defects or loopholes in system security, they should notify the management unit as soon as possible.\r\n(9)\tTo reduce security threats to the University’s information system, traffic from the off-campus network (not an internal IP address of the University) shall be blocked, except for those services that are already open to the public. If other open services are required, an application must be submitted.\r\n(10)\tRestricted internal administrative campus information systems are to be linked and accessed only from internal campus IP addresses or through the University’s virtual private network.\r\n(11)\tThe use of P2P software is prohibited in principle on the campus network, but applications may be submitted if such software use is required for academic, teaching, and other special activities. However, if the use of P2P software affects the campus network service, such software shall be blocked.\r\n(12)\tThe Information Center shall provide a security checklist for use by all units on campus and shall conduct information security and intellectual property protection audits each semester with the cooperation of the respective network administrators.\r\n5.\tInternet users must be aware of any suspected security threats to ensure the safety of Internet use. All information security incidents reported through the Ministry of Education Information and Communication Security Contingency platform and official correspondence shall be handled according to the following principles:\r\n(1)\tIf the IP address reported through the information security notification platform of the educational institution is verified, and if the violation is minor, the IP address shall be blocked for 2 weeks; if the violation is more serious or a repeated violation, the IP address shall be blocked for 1 month, and a punishment in accordance with the University’s reward and punishment regulations shall be administered.\r\n(2)\tIn the case where an official letter is sent by the prosecutor or police, the University does not have the authority to investigate the case. Hence, if the University perceives a need to investigate the case, it shall request the prosecutor or police officer to provide a search warrant to ensure the University’s cooperation with the investigation.\r\n6.\tUsers who violate the network usage rules shall be disciplined according to the following conditions:\r\n(1)\tFor a user who presents an immediate threat or disruption to network use, the network connection of the user exhibiting abnormal activity shall be blocked immediately, and the network administrator or the supervisor of the unit to which the user is affiliated shall be notified. The user or the unit’s network administrator must report the situation to the Information Center within 1 week of noticing or receiving notification of the problem. After confirming that the problem has been resolved, the Information Center administrator shall lift the network ban.\r\n(2)\tFor a user who does not present an immediate threat or disruption to network use, the user or the network administrator of the unit to which the user is affiliated shall be notified of any abnormal usage behavior. The network management personnel must complete the investigation, counseling, and improvement or the disposal of the notification report within 3 days after receiving the notification and report to the Information Center regarding the handling of the situation. If details of ongoing procures to rectify the situation are not sent to the Information Center within another 3 days, the Information Center may block the network connection of the user exhibiting abnormal activity.\r\n7.\tNetwork administrators should respect personal privacy rights and may not arbitrarily view users’ personal data or violate their right to privacy, except in one of the following situations in which device administrators or users must cooperate in providing necessary system permissions:\r\n(1)\tFor the maintenance or inspection of system security.\r\n(2)\tTo obtain evidence or investigate misconduct on the basis of reasonable suspicion of a violation, as detailed in Article 2 and 3 of these Regulations (regarding respect for intellectual property rights and the prohibition of abuse or interference with network systems). \r\n(3)\tFor cooperation with the investigation of the judicial authorities, if an off-campus unit must investigate a crime, the chief secretary of the University should be notified in advance, and the relevant legal letter (credentials) should be presented. After receiving notification from the University Secretariat, each unit shall provide relevant information in accordance with the “Guidelines Governing the Cooperation of Taiwan Academic Network Connection Units to Prevent Cybercrime,” “Personal Data Protection Act,” and “Civil Servant Work Act.” \r\n(4)\tTo obtain relevant information to facilitate timely prevention of and rectifying measures in the case of an emergency (e.g., major changes in life or property). \r\n(5)\tTo perform other actions in accordance with the laws of Taiwan.\r\n8.\tInternet users who violate these regulations shall be subject to the following penalties:\r\n(1)\tTemporary suspension of network resources (IP blocked for 1 week).\r\n(2)\tIn serious cases, the suspension of Internet resources shall be extended, and the student shall be punished in accordance with the University’s regulations and related reward and penalty regulations.\r\n(3)\tIn the event that the user being penalized in accordance with the preceding two articles commits another law violation, the perpetrator shall be held legally responsible in accordance with Taiwan’s civil laws, criminal laws, copyright laws, or other relevant laws and regulations.\r\n9.\tThese Regulations shall be implemented after their approval at the University’s Administrative Meeting, and the same shall apply for any subsequent amendment.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161184986947129344&type=s","pdffileurl":"","odffileurl":"","expFile":"National Yang Ming Chiao Tung University Campus Network Use Regulations"}],"images":[],"videos":[],"audios":[],"resources":[]},{"subject":"NYCU Regulations Governing Information Security and Personal Information Protection","dataClassName":null,"pubUnitName":"Information Technology Service Center","posterDate":"2021-06-02","updateDate":null,"detailContent":"","summary":"National Yang Ming Chiao Tung University Regulations Governing Information Security and Personal Information Protection\r\nApproved at the fifth Administrative Meeting for the 2020–2021 academic year on June 2, 2021.\r\n1.\tTo maintain information security and protect personal information, National Yang Ming Chiao Tung University (hereinafter referred to as “the University”) established the National Yang Ming Chiao Tung University Regulations Governing Information Security and Personal Information Protection (hereinafter referred to as “the Regulations”) to enhance security management for information assets; ensure the confidentiality, integrity, availability, distinguishability, and non-repudiation of these assets; and support faculty and students in ensuring the protection of their personal information with respect to the application of information systems to meet specific operation demands.\r\n2.\tThe Regulations, including ancillary requirements established based on them, were created by referencing the Cyber Security Management Act, the Personal Data Protection Act, the Copyright Act, and the Classified National Security Information Protection Act; information security management regulations established by the Executive Yuan and affiliated agencies; Directions Governing Information Security in Educational System; and other relevant regulations and standards.\r\n3.\tThe Regulations apply for all informational assets and information users associated with the University. Information users must adhere to the Regulations; those who violate the Regulations shall be penalized according to relevant laws.\r\n4.\tThe Vice-President of the University shall be appointed by the President to serve as the Information Security Manager and shall be responsible for supervising the implementation of information security and personal data protection policies in the University. Additionally, an executive secretary shall be appointed to assist the Information Security Manager in this regard.\r\n5.\tTo ensure that the information security and personal data protection tasks of the University are executed, an Information Security and Personal Data Protection Committee (hereinafter referred to as the “the Committee”) shall be established as an interdisciplinary division. The Committee is responsible for the planning, coordinating, and drafting of information security and personal data protection policies and plans, as well as resource allocation and the execution of relevant tasks. The Committee members shall comprise the Vice-President, Secretary General, Dean of Academic Affairs, Dean of Student Affairs, Dean of General Affairs, Dean of Research and Development, Dean of International Affairs, Curator, Director of the Center of Environmental Protection and Safety and Health, Director of the Personnel Office, and Director of the Accounting Office, as well as one representative from NCYU School of Law and the Director of the IT Service Center, who shall be appointed as the ex officio committee member. The Committee members shall convene for at least one management and evaluation meeting annually, with the Information Security Manager serving as the convenor.\r\n6.\tThe University shall establish an Information Security and Personal Data Protection Task Group. The members of this group shall comprise senior operators of the IT Service Center, individuals in charge of core operational tasks, and second-level executives of core operational divisions. This task group shall be responsible for the planning, execution, and auditing of information security and personal data protection operational principles. The Director of the IT Service Center shall serve as the convener of this task group.\r\n7.\tIn accordance with the Cyber Security Management Act and Personal Data Protection Act, the IT Service Center shall establish the National Yang Ming Chiao Tung University Cyber Security Management Act and Personal Data Protection Implementation Regulations to govern policies, goals, and core operations related to information security and personal data protection. The regulations shall be implemented after approval by the Committee, and the same rule shall apply to all subsequent amendments.\r\n8.\tThe University shall conduct information security and personal data protection education training and promotion to improve faculty and students understanding of information security and personal data protection.\r\n9.\tThe Regulations shall be reviewed regularly to reflect the most recent relevant standards, technologies, and operational conditions.\r\n10.\tThe Regulations shall be implemented after approval by the attendees of the Administrative Meeting. The same rule shall apply to all subsequent amendments.","liaisonper":null,"liaisontel":null,"liaisonfax":null,"liaisonemail":null,"docs":[{"fileurl":"https://it.nycu.edu.tw/it/en/app/data/doc?module=nycu0014&detailNo=1161184852343525376&type=s","pdffileurl":"","odffileurl":"","expFile":"National Yang Ming Chiao Tung University Regulations Governing Information Security and Personal Information Protection"}],"images":[],"videos":[],"audios":[],"resources":[]}]