Information Security Governance

Maintain the public site through least privilege, change control, and scheduled review

The site uses a static-build plus Nginx delivery model, applying transport protection and security headers at the deployment layer. PDCA-style improvement is executed through monthly updates, quarterly security testing, and annual content review. The information security contact point is service@ronjye.com.tw.

Information security policy visual
The policy spans governance, technical controls, operational maintenance, and compliance review.

Control Baseline

Documented, reviewable, and linked from the public site

These governance pages support legal review, security review, and change-management traceability without introducing a backend policy system.

Technical controls

Transport and browser hardening are enforced at deployment

Nginx sets the HSTS, nosniff (X-Content-Type-Options), frame, referrer, and permissions policy headers, plus a report-only CSP header, as part of the static deployment baseline.
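As an added illustration (not the site's actual configuration), the following Nginx server block sets the header family listed above on a static site. The hostname, document root, HSTS max-age, Permissions-Policy feature list, CSP directives and the /csp-report endpoint are assumptions chosen for the example.

```nginx
# Added example: hardened static-site server block matching the header set
# described on this page. Host, root, max-age, CSP directives and the
# report endpoint are placeholder assumptions, not the site's real values.
server {
    listen 443 ssl http2;
    server_name example.invalid;        # placeholder host

    root /var/www/site;                 # assumed path to the static build output
    index index.html;

    # HSTS belongs only on the HTTPS listener; "always" keeps the header on error responses too
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Stop browsers from MIME-sniffing responses away from the declared Content-Type
    add_header X-Content-Type-Options "nosniff" always;

    # Frame protection against clickjacking
    add_header X-Frame-Options "DENY" always;

    # Limit what the Referer header leaks to other origins
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # Permissions policy: switch off powerful browser features a static site does not use
    add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;

    # CSP in report-only mode: violations are reported, not blocked, so the
    # policy can be tuned before enforcement
    add_header Content-Security-Policy-Report-Only "default-src 'self'; report-uri /csp-report" always;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

One Nginx behaviour worth checking during review: `add_header` directives are inherited from the `server` block only if the `location` block defines none of its own. A `location` that adds even a single header (for example a cache-control header on `/assets/`) silently drops all of the inherited security headers for that path, so the deployed header set should be verified per path rather than assumed from the server-level configuration.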

Review cadence

Monthly updates, quarterly tests, annual policy review

Dependency and system updates are reviewed monthly, security testing is repeated quarterly, and public policy pages are reviewed at least annually and after material changes.

Continuous improvement

Security gates are part of the non-GitHub release path

Build, validation, header checks, and optional live scanning are executed through the documented CI script so change records stay auditable.
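The "header checks" step can be as simple as asserting that every expected security header is present in a response. The script below is an added example, not the documented CI script; it reads a raw HTTP response header block from stdin and reports any of the six headers named on this page that are missing. The sample responses are constructed inline so it runs offline.

```shell
#!/bin/sh
# Added example (not the site's own CI script): verify that a captured HTTP
# response carries the security headers listed on this page.
# Reads the header block from stdin; returns 0 if all are present, 1 otherwise,
# naming the missing headers on stderr.
check_security_headers() {
    # strip CR from CRLF line endings so anchored matching works
    headers=$(tr -d '\r')
    rc=0
    for h in strict-transport-security \
             x-content-type-options \
             x-frame-options \
             referrer-policy \
             permissions-policy \
             content-security-policy-report-only; do
        # header names are case-insensitive; match "name:" at start of a line
        if ! printf '%s\n' "$headers" | grep -qi "^$h:"; then
            echo "missing security header: $h" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a response carrying the full baseline
GOOD_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()
Content-Security-Policy-Report-Only: default-src https:
'

# Constructed sample: a response from a location that lost the inherited headers
BAD_HEADERS='HTTP/1.1 200 OK
Content-Type: text/css
Cache-Control: max-age=86400
X-Content-Type-Options: nosniff
'

# Stand-alone demonstration
printf '%s' "$GOOD_HEADERS" | check_security_headers && echo "baseline sample: ok"
printf '%s' "$BAD_HEADERS" | check_security_headers || echo "degraded sample: rejected as expected"
```

Against a live deployment the same function is fed with `curl -sI https://<host>/<path> | check_security_headers`, run once per representative path (root page, an asset path, a 404) so that a `location` block that dropped the inherited headers is caught rather than masked by a passing check on `/`.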

Next Step

Need the privacy handling detail?

The privacy policy explains which contact information is handled and how requests are managed.

Open privacy policy