- The Department of Health has always strictly adhered to the Personal Data (Privacy) Ordinance in handling all personal data and keeps personal data confidential at all times.
- CSIS is locked inside a secured room and can only be accessed by staff authorized by the Department of Health.
- CSIS web servers are protected by two layers of firewall systems to prevent unauthorized access.
- Personal data is encrypted in storage and in all transmissions over the Internet between public users and the system.
- With the use of 128-bit Secure Sockets Layer (SSL) encryption (which is one of the online security standards for commercial applications), we ensure the security of users' data from unauthorized access.
- Our system monitors each login attempt. If there are three consecutive login attempts with an incorrect password, the online service will be suspended immediately.
- If users forget to log out of the CSIS system, online access will be disconnected automatically after a short period of inactivity to prevent unauthorized action.
- The type of information a user can access is safeguarded by tight control mechanisms, so that a user can only access information that he/she is authorized to access.
- We will not ask for customers' account numbers, passwords or any personal information via email.
- In 2005, the Department of Health commissioned a third party to conduct a Security Risk Assessment and Audit Exercise for CSIS to review the security status of the system, and improvements were made.