|
Article 11
|
When an audited agency discovers deficiencies or areas requiring improvement in the implementation of its cyber security maintenance plans, it must submit an improvement report within one month following receipt of the audit results from the audit agency. This report shall be submitted in accordance with Paragraph 1 of Article 6 of the Enforcement Rules of the Act to the government agencies that receive reports on cyber security maintenance plans as specified in Article 14 of the Act, or to the central competent authority in charge of the relevant sector for review. The reviewing agency shall then forward the report to the competent authority. For audits conducted pursuant to Paragraph 2 of Article 5, the audit agency shall submit the audit results to the competent authority.<br/>After the audited agency submits an improvement report, it shall submit the implementation status of that report to the government agencies that receive reports on cyber security maintenance plans as specified in Article 14 of the Act, or to the central competent authority in charge of the relevant sector for review in accordance with Paragraph 2 of Article 6 of the Enforcement Rules of the Act. The reviewing agency shall then forward the report to the competent authority.<br/>When the agency receiving the improvement report and information on the implementation of such re-port deems it necessary, it may require the audited agency to provide clarification or make adjustments.
|