|
Article 4
|
The cyber security responsibility levels of each agency under any of the following circumstances are Level-A:<br/>1. Its business involves classified national security information.<br/>2. Its business involves matters of foreign affairs, national defense, or homeland security.<br/>3. Its business involves the maintenance operation of information and communication system com-monly used for nationwide people services or cross agencies.<br/>4. Its business involves the possession of personal information of nationwide people or public offi-cials.<br/>5. It is a government agency, and its business involves matters of nationwide critical infrastructure.<br/>6. It is a critical infrastructure provider, and the central competent authority in charge of the relevant sector, based on the consideration of the number of users, market share, the area and the substituta-bility of its business or maintenance operation of critical infrastructures and services, considers that the failures of or impact on its information and communication system might cause disasters or ex-tremely serious impact on social public interests, people’s morale, or the security of people’s lives, body or property.<br/>7. It is a government medical center.
|