|
Article 10
|
Government agencies or specific non-government agencies, within the scope of this Act, that outsource the implementation, maintenance and operation of information and communication systems or the provision of information and communication services shall select appropriate contractors, require the contractors to establish effective cyber security management mechanisms, and supervise the implementation of such mechanisms.<br/>The procedures and environments in which contractors referred to in the preceding paragraph perform outsourced tasks shall incorporate comprehensive cyber security management measures or obtain impartial third-party certification.<br/>Government agencies or specific non-government agencies that handle outsourced tasks as described in Paragraph 1 shall enter into a written agreement with the contractor, specifying the rights and obligations of both parties as well as liabilities for breaches.<br/>Government agencies or specific non-government agencies shall cooperate with the competent authority in planning and conducting cyber security drills and, if necessary, incorporate third-party assistance mechanisms. The contents of such drills and other relevant matters shall be prescribed by the competent authority.
|