|
Article 30
|
Where specific non-government agencies fall under any of the following circumstances, the central competent authority in charge of the relevant sector shall order correction within a specified period; if correction is not made within the prescribed period, a fine of not less than NT$100,000 and not more than NT$5,000,000 shall be imposed for each violation:<br/>1.Failure to formulate, revise, or implement a cyber security maintenance plan in accordance with Paragraph 2, Article 20 or Paragraph 1, Article 21, or violation of the requirement regarding essential elements of the cyber security maintenance plan as provided in the measures prescribed under Article 22.<br/>2.Failure to submit the implementation status of the cyber security maintenance plan to the central competent authority in charge of the relevant sector in accordance with Paragraph 3, Article 20,or Paragraph 2, Article 21, or violation of the provisions on the submission of implementation status reports as prescribed under Article 22.<br/>3.Failure to submit a corrective action report to the central competent authority in charge of the relevant sector in accordance with Paragraph 2, Article 8, Paragraph 5, Article 20, or Paragraph 3, Article 21, or violation of the provisions on the submission of corrective action reports as prescribed under Article 22.<br/>4.Failure to formulate a notification and response mechanism for cyber security incidents in accordance with Paragraph 1, Article 24, or violation of the requirements regarding the essential elements of the reporting and response mechanism as prescribed under Paragraph 4, Article 24.<br/>5.Failure to submit investigation, handling, and corrective action reports of cyber security incidents to the central competent authority in charge of the relevant sector, or to the competent authority in accordance with Paragraph 3, Article 24, or violation of the provisions on the submission and delivery of such reports as prescribed under Paragraph 4, Article 24.<br/>6.Violation of the provisions regarding the contents of notifications and the execution of drills as prescribed under Paragraph 4, Article 24.
|