|
Article 25
|
The central competent authority in charge of the relevant sector, for the purpose of investigating a major cyber security incident occurring at a specific non-government agency, may carry out the investigation in accordance with the following procedures:<br/>1.Notify the parties concerned or related parties to provide statements in person.<br/>2.Notify the parties concerned and related parties to submit forensic or investigative reports issued by independent third-party institutions.<br/>3.Dispatch personnel, appoint or commission other agencies (organizations) to conduct necessary inspections at the premises of the parties concerned and related parties.<br/>The related parties provided in the preceding paragraph are limited to contractors entrusted by the specific non-government agency to establish, maintain, operate or provide information and communication systems or information and communication services that are related to the major cyber security incident.<br/>The parties concerned or related parties shall not evade, obstruct, or refuse any investigation conducted by the central competent authority in charge of the relevant sector pursuant to Paragraph 1.<br/>Personnel carrying out the investigation shall present identification or proof of authority for performing their duties; if such identification or proof is not presented, investigated parties may refuse compliance.<br/>Agencies (organizations) appointed or commissioned under Paragraph 1, Subparagraph 3 shall not disclose any confidential information of the specific non-government agency acquired while performing their assigned or commissioned duties.
|