|
Article 5
|
Where an agency falls under any of the following circumstances, its cyber security responsibility level shall be Level B:<br/>1. Its business involves the security maintenance and management of national core technology infor mation funded, subsidized, or researched and developed by government agencies;<br/>2. Its business involves the maintenance and operation of information and communication systems for regional or local public services, or information and communication systems commonly used across government agencies;<br/>3. Its business involves the possession of personal information files of the public on a regional or local basis;<br/>4. Its business involves the maintenance and operation of information and communication systems shared among central second-level agencies and the agencies (institutions) at all subordinate levels thereunder;<br/>5. It is a government agency and its business involves matters relating to critical infrastructure on a regional or local basis;<br/>6. It is a critical infrastructure provider and the central competent authority in charge of the relevant sector, taking into account the number of users, market share, geographic scope, and substitutability of the critical infrastructure services they provide or maintain and operate, deems that failure of or impact on their information and communication systems would have serious adverse effects on social and public interests, public morale, or the life, body, or property of the people; or<br/>7. It is a public regional hospital or district hospital.
|