|
Article 3
|
The competent authority shall approve its own cyber security responsibility levels every two years.<br/>The agencies directly subordinate to the Executive Yuan shall, every two years, propose the cyber security responsibility levels of their own, their subordinate or supervisory government agencies, and the specific non-government agencies under their charge, and shall report the same to the competent authority for approval.<br/>Special municipality, county (city) governments shall, every two years, propose the cyber security responsibility levels of their own, their subordinate or supervisory government agencies, and their governed villages (townships/cities), mountain indigenous district offices of municipality, and the subordinate or supervisory government agencies of such governed villages (townships/cities) and mountain indigenous district offices of special municipalities, and shall report the same to the competent authority for approval.<br/>Special municipality and county (city) councils, village (township/city) councils, and mountain indigenous districts of special municipality councils shall, every two years, submit their own cyber security responsibility levels, which shall be compiled and submitted by the municipality and county (city) governments where they are located to the competent authority for approval.<br/>The Presidential Office, the National Security Council, the Legislative Yuan, the Judicial Yuan, the Examination Yuan, and the Control Yuan shall, every two years, approve the cyber security responsibility levels of their own, their subordinate or supervisory government agencies, and the specific non-government agencies under their charge, and shall submit the same to the competent authority for recordation.<br/>If each agency is required to change its cyber security responsibility levels due to adjustments to organizations or businesses, it shall immediately conduct the change to levels according to the procedures under the preceding five paragraphs; the same shall apply to the case when a new agency is established.<br/>In conducting the submission or approval of cyber security responsibility levels under Paragraph 1 to Paragraph 5, if the government agency thinks it is necessary to otherwise give the entities within the government agency or the specific non-government agency the levels that are different from those of such agency, it may determine such levels in accordance with the requirements of Article 4 to Article 10, by taking into consideration the nature of businesses of such entities.
|