TNSA 籌備處

協助中小企業以低門檻建立自評能力，並持續強化證據與治理流程，逐步達到所需的資安成熟度。

成立宗旨

為協助台灣企業建立符合國際標準的供應鏈資安治理機制，並因應跨國供應鏈對自評與稽核能力日益提升的需求，特設立「台灣網路資安協會籌備處」（以下簡稱 TNSA 籌備處）。TNSA 參考各國供應鏈資安評級與治理架構的精神，包括日本的成熟度評級概念、美國 NIST SP 800-171/CMMC、自我評量制度與歐盟 NIS2 的監管要求，同時結合台灣產業特性，致力於發展具本地適用性的自評模式與成熟度治理框架，為未來正式成立「台灣網路資安協會（TNSA）」奠定制度根基。

組織定位與任務 (Role and Mission)

TNSA 籌備處為中立性的資安治理推動平台，旨在協助台灣企業導入適用之供應鏈資安自評與成熟度治理機制，其主要職責如下：

參考國際供應鏈資安成熟度模型之精神，建立適用於台灣產業的評估與治理架構。
負責推動制度本地化、工具開發維運與試點專案管理。
制度推廣：舉辦教育訓練與說明會，協助企業理解自評要求與成熟度提升路徑。
國際對接：與國際治理框架保持一致性，促進台灣企業在跨國供應鏈中的資安互信與接軌。

運作機制

一、三軸治理模式

軸向	主要角色	職能任務
制度轉譯軸	TNSA 技術顧問群	條文映射、工具設計、佐證標準
試點驗證軸	供應鏈企業群	自評實施、資料回傳、改善回饋
資料回饋軸	TNSA 籌備處	整合評估結果、編制報告，並就制度運作進行意見交換與改善建議

二、運作流程

制度導入：參考國際供應鏈資安治理架構與成熟度模型之條文與基準，調整為適用台灣產業的版本。
工具轉譯：TNSA 籌備處將國際治理要求本地化，轉化為可稽核、可落地的工具組與作業指引。
企業試點：領航企業帶動供應商完成自評與上傳。
外部驗證：與第三方審查機構合作進行抽核與獨立查證。
結果回饋：彙整群體稽核成果，形成整體報告，並提供制度改善建議以提升跨組織之資安互信。

組織成員與顧問

召集人／研究主持：高立箴教授（德明財經科技大學）
負責整體制度設計、治理架構研究與跨國供應鏈議題統籌。
領航顧問／供應鏈試點策略顧問 (待指派)
提供供應鏈治理策略、試點導入與制度成熟度推動建議。
技術協力：創嘉科技股份有限公司
協助工具組開發、制度本地化技術支持與企業導入輔導。
第三方專業諮詢：林應祥經理（BSI Taiwan, 英國標準協會）
提供國際標準、稽核方法與第三方驗證相關專業諮詢。
國際顧問／制度交流窗口：當間政義教授（日本和光大學）
協助國際交流、治理理念對話與跨國制度趨勢研究。
秘書聯絡／行政窗口：tnsa.office@proton.me
負責行政協調、文件管理與組織日常事務。

常見問題（FAQ）

TNSA 準備室目前有哪些具體活動？

針對台灣供應鏈企業，推動自評工具試行、教育訓練與指南編制，協助企業建立具稽核性並符合國際標準之供應鏈資安管理與治理體系。

TNSA Preparatory Office

Supporting Taiwanese enterprises in conducting supply chain cybersecurity self-assessments and progressively achieving higher levels of cybersecurity maturity.

Purpose

To help Taiwanese enterprises establish internationally aligned supply chain cybersecurity governance mechanisms—and to respond to the growing expectations for self-assessment and audit readiness across global supply chains—the Taiwan Network Security Association Preparatory Office (TNSA Preparatory Office) was established.

Building on internationally recognized supply chain cybersecurity frameworks—including maturity concepts from Japan, the U.S. NIST SP 800-171/CMMC model, and regulatory elements of the EU NIS2 directive—TNSA develops localized self-assessment approaches and maturity-based governance frameworks tailored to Taiwan’s industrial landscape. These efforts lay the institutional foundation for the future establishment of the Taiwan Network Security Association (TNSA).

Role and Mission

The TNSA Preparatory Office serves as a neutral platform for promoting supply chain cybersecurity governance. Its mission is to support Taiwanese enterprises in adopting suitable self-assessment practices and maturity-based governance mechanisms. The key responsibilities of the TNSA Preparatory Office are as follows:

Develop assessment and governance frameworks tailored to Taiwan’s industries, drawing on the principles of international supply chain cybersecurity maturity models.
Lead the localization of governance requirements, develop and maintain toolkits, and oversee pilot projects across industries.
Promote the governance model through training programs and briefing sessions, helping enterprises understand self-assessment requirements and maturity improvement pathways.
Ensure alignment with international governance frameworks to strengthen cybersecurity trust and cross-border interoperability within global supply chains.

Operational Mechanism

1. Three-Axis Governance Model

Axis	Primary Role	Key Responsibilities
Framework Localization Axis	TNSA Technical Advisory Group	Clause mapping, toolkit design, and evidence criteria development
Pilot Verification Axis	Participating Supply Chain Enterprises	Self-assessment execution, data submission, and improvement feedback
Data Feedback & Analysis Axis	TNSA Preparatory Office	Consolidation of assessment results, preparation of evaluation reports, and provision of recommendations for system refinement and operational improvements

2. Operational Process

Framework Introduction: Adapting the clauses and baseline requirements of international supply chain cybersecurity governance and maturity models into a version suitable for Taiwan’s industrial environment.
Toolkit Localization: Localizing international governance requirements into auditable and practical toolkits and operational guidelines led by the TNSA Preparatory Office.
Pilot Implementation: Lead enterprises guide their suppliers in completing self-assessments and uploading relevant information.
External Validation: Collaborating with independent third-party assessment bodies to conduct sampling audits and verification.
Result Feedback: Consolidating group assessment results into a comprehensive report and providing recommendations to strengthen cross-organizational cybersecurity trust and improve governance mechanisms.

Organization Members and Advisors

Convener / Principal Research Lead: Prof. LieJane Kao (Takming University of Science and Technology)
Responsible for overall framework design, governance architecture research, and coordination of cross-border supply chain initiatives.
Lead Advisor / Supply Chain Pilot Strategy Advisor (To be appointed)
Provides guidance on supply chain governance strategies, pilot implementation, and maturity development recommendations.
Technical Partner: Tronplus Technology Co., Ltd.
Supports toolkit development, framework localization, and enterprise implementation assistance.
Third-Party Professional Consultation: Ying-Hsiang Lin, Manager (BSI Taiwan, British Standards Institution)
Provides expertise on international standards, audit methodologies, and third-party verification practices.
International Advisor / Governance Exchange Liaison: Prof. Masayoshi Tokema (Wako University, Japan)
Facilitates international dialogue, governance concept exchange, and research on cross-border regulatory trends.
Secretariat / Administrative Contact: tnsa.office@proton.me
Responsible for administrative coordination, documentation management, and day-to-day organizational operations.

Frequently Asked Questions (FAQ)

What activities is the TNSA Preparatory Office currently undertaking?

The TNSA Preparatory Office promotes the trial adoption of self-assessment tools, conducts training programs, and develops practical guidelines to help Taiwanese supply chain enterprises establish auditable and internationally aligned cybersecurity governance systems.

Register for the Self-Assessment Pilot

Please use the button below to access the Google Form and complete your registration:

Go to Google Form

Backup link (copy & paste): https://docs.google.com/forms/d/e/1FAIpQLSdessmEmqThfw_EDvgatMDmVaMxyvJfFCMIxuqr1VIWx8YBnw/viewform?usp=header