|
Article 4
|
Where an agency falls under any of the following circumstances, its cyber security responsibility level shall be Level A:<br/>1. Its business involves national secrets;<br/>2. Its business involves matters of foreign affairs, national defense, or homeland security;<br/>3. Its business involves the maintenance and operation of information and communication systems for nationwide public services, or information and communication systems commonly used across government agencies;<br/>4. Its business involves the possession of personal information files of the public nationwide or of public officials;<br/>5. It is a government agency and its business involves matters of nationwide critical infrastructure;<br/>6. It is a critical infrastructure provider, and the central competent authority in charge of the relevant sector, taking into account the number of users, market share, geographic scope, and substitutability of the critical infrastructure services they provide or maintain and operate, deems that failure of or impact on their information and communication systems would have catastrophic or severe adverse effects on social and public interests, public morale, or the life, body, or property of the people; or<br/>7. It is a public medical center.
|