|
Article 7
|
The agency notified pursuant to Paragraph 2, Article 17 of the Act shall, after receiving a report of a cyber security incident, complete its review of the incident level within the following timeframes and may change the level based on the review results:<br/>1. Within eight hours after receipt of a report of a level 1 or level 2 cyber security incident.<br/>2. Within two hours after receipt of a report of a major cyber security incident.<br/>After completing the review under the preceding paragraph, the notified agency shall, within one hour, notify the competent authority of the review results and provide information on the basis for the review.<br/>Upon receipt of the notification under the preceding paragraph, the competent authority shall further review the incident level based on the relevant information and may change the level based on the review results. However, where it deems it necessary, or where the notified agency fails to notify the review results as required, the competent authority may directly review the cyber security incident and change its level.
|