|
Article 8
|
The competent authority may conduct periodic or ad hoc audits of the implementation of cyber security maintenance plans by government agencies and specific non-government agencies.<br/>Where deficiencies or areas for improvement are identified in the audit provided in the preceding paragraph, the audited agency shall submit a corrective action report. Government agencies shall submit such reports to the authority designated under Article 14 to receive implementation reports; specific non-government agencies shall submit such reports to the central competent authority in charge of the relevant sector, which shall forward them to the competent authority after review.<br/>The authority receiving the corrective action report, as provided in the preceding paragraph, may, where deemed necessary, require the audited agency to provide explanations or make adjustments.<br/>The frequency, scope, and methods of audits of the implementation of cyber security maintenance plans, as provided in the preceding three paragraphs, the submission of corrective action reports, and other related matters shall be prescribed by the competent authority.<br/>Audits under Paragraph 1 shall be carried out pursuant to an annual plan prepared by the competent authority and approved by the Executive Yuan. The annual plan and the annual results report shall be submitted to the National Information and Communication Security Taskforce for recordation.
|