[English] [繁體版] [简体版] [Graphic Version] [FAQ] [Search GO] [Change text size:A A A] [Print]

Navigation Menu 1

[General Users] [Youngsters & Students] [Parents and Teachers] [IT Professionals] [SME]


Guidelines & Standards

To facilitate your planning on information security management for your company, we have highlighted some useful guidelines that are recommended as effective security practices and internationally recognised standards related to information security.

( To view and print the downloaded document, you need to use an Adobe Acrobat Reader. Please click here to download if necessary. )

Government IT Security Policy and Guidelines

The Government of HKSAR has issued a Baseline IT Security Policy and a series of guidelines related to IT security to provide references and guidance to Government bureaux and departments in respect of the protection of Government information systems. The related documents are obtainable through the hyperlinks provided below. Users should note that the documents are for general reference only and users are responsible to make their own assessment on the information provided and to obtain independent advice before acting on it.

There is increasing public concern about the security of information passing through public Wi-Fi networks. To address such a concern, the Communications Authority (CA) has published a set of security guidelines for public Wi-Fi service operators to follow. The guidelines are developed jointly with the industry and the relevant professional bodies.

Standards for Information Security

IT Security References

Selected Guidelines and References for Online Business

There are some basic guidelines that you need to pay attention and adhere to when running an online business.

Useful Guidelines & References Details
Major Principles in OECD Guidelines for Consumer Protection in the Context of Electronic Commerce Principles and good practices on e-commerce
Electronic Transactions Ordinance It concerns the legal status of electronic records and digital signatures used in electronic transactions as that of their paper-based counterparts.
A Guide to Personal Data Privacy and Consumer Protection on the Internet Published by the Hong Kong Productivity Council and supported by the Consumer Council and Office of the Privacy Commissioner for Personal Data on the protection of data privacy.
A Practical Guide for IT Managers and Professionals on the Personal Data (Privacy) Ordinance(English only) This Guide was compiled by Hong Kong Computer Society (HKCS) with the support of the Office of the Privacy Commissioner for Personal Data (PCPD). It aims to help enterprises, especially IT Managers and Professionals, to protect personal data privacy.
Preparing On-line Personal Information Collection Statements and Privacy Policy Statements This guide provides data users with practical guidance on how to prepare on-line Personal Information Collection (PIC) Statements and Privacy Policy Statements (PPS).

Seals of Approval for Establishing Online Business

The Internet provides the most convenient platform for border-less and round-the-clock business activities. However, most Internet users still lack confidence in using the medium for business transaction. One of the most effective ways to gain trust from customers and build up recognition for your online business is to obtain a Seal of Approval from an independent verification organisation. There are some international Seals of Approval programs available in the market providing such verification and here are some examples:


WebTrust in Hong Kong

The WebTrust program is:

An online site that has a WebTrust seal means that the company has passed the WebTrust examination by a licensed Certified Public Accountant (CPA), Chartered Accountant, or equivalent. Hong Kong Institute of Certified Public Accountants is one of international affiliates of the program.

Under the WebTrust program, the online company is periodically examined by a WebTrust licensed CPA to ensure compliance with the current WebTrust principles including:


TRUSTe is a privacy seal, or called a "trustmark", is an online branded seal that takes users directly to the privacy statement of an approved website. The trustmark is awarded to websites that adhere to the privacy principles and comply with the oversight and consumer resolution process. By displaying the trustmark, a website is telling consumers up front that it has made a commitment to communicating its privacy practices openly. A displayed trustmark signifies to users that the website will openly share, at least, the following:

Back Top

Footer Menu

Sitemap | Contact Us | Privacy Policy | Important Notices

Copyright 2002. The Government of the Hong Kong Special Administrative Region.