|
Article 24
|
Specific non-government agencies shall establish notification and response mechanisms for cyber security incidents.<br/>When specific non-government agencies become aware of a cyber security incident, they shall notify the central competent authority in charge of the relevant sector of the incident.<br/>The specific non-government agency shall submit an investigation, handling, and corrective action report regarding the cyber security incident to the central competent authority in charge of the relevant sector; in the case of a major cyber security incident, the report shall also be submitted to the competent authority.<br/>The rules regarding the necessary items of the reporting and response mechanism, the reporting content, submission of reports, delivery, drill exercises, and other matters to be followed provided in the preceding three paragraphs shall be prescribed by the competent authority.<br/>When the central competent authority in charge of the relevant sector or the competent authority becomes aware of a major cyber security incident, it shall provide necessary assistance; at an appropriate time, it may also announce the necessary information and response measures relating to the incident.
|