|
Article 16
|
Where deficiencies or areas for improvement are identified in the implementation of the cyber security maintenance plan of an audited agency, the audited agency shall submit a corrective action report to the auditing agency, which shall, in turn, submit the said report together with the audit results to the competent authority in the manner prescribed.<br/>Where deemed necessary, the auditing agency or the competent authority may require the audited agency to provide explanations or make adjustments.<br/>The matters relating to the essential elements of the cyber security maintenance plan provided in the preceding three Articles and in Paragraph 1, the submission of implementation status reports, the frequency, contents, and methods of audits, the delivery of results, the submission of corrective action reports, and other related matters shall be prescribed by the competent authority.
|