To enhance the impartiality and professionalism of its accreditation and evaluation operations and to establish a robust self-governance and quality management framework, the Higher Education Evaluation and Accreditation Council of Taiwan (HEEACT) obtained ISO 9001 Quality Management System (QMS) certification in 2009. The scope of certification covered administrative management and service processes related to the quality assurance of higher education institutions.

To further strengthen the protection and management of information assets, HEEACT subsequently obtained ISO 27001 Information Security Management System (ISMS) certification in 2015.

In accordance with Article 61, Paragraph 1 of the Foundations Act promulgated in 2018, which stipulates that “a government-endowed foundation shall establish personnel, accounting, internal control and audit systems and submit to the competent authority for approval,” HEEACT formulated its Internal Control Regulations in 2019. A comprehensive internal control system was established in 2021, and formal internal audits have been conducted since 2022.

With multiple quality and internal control systems operating in parallel, and recognizing the significant overlap among them, HEEACT resolved to discontinue its ISO 9001 certification in 2025 to enhance overall efficiency and consistency in quality management. In the same year, HEEACT successfully maintained its ISO 27001 certification, demonstrating its continued commitment to information security governance and risk management.

In 2025, HEEACT completed its second surveillance audit under the ISO 27001 certification cycle (Year 3). Its Information Security Policy is as follows:

• To enhance information security awareness
• To manage and mitigate information security risks
• To implement effective information security practices
• To ensure the continuity of operations