Article 2
|
(Applicability and Parties Governed)
Parties governed by these guidelines include securities firms, futures commission merchants, securities investment trust enterprises and securities investment consulting enterprises and are divided into two types as below:
- Type 1:
- organizations appointing a chief information security officer in accordance with Article 36-2 of the Regulations Governing the Establishment of Internal Control Systems by Service Enterprises in Securities and Futures Markets
- tiers 1, 2, and 3 securities firms in the Establishing Information Security Inspection Mechanisms for Securities Firms – Schedule for Required Measures under Tiered Protection
- tiers 1, 2, and 3 futures commission merchants in the Establishing Information Security Inspection Mechanisms for Futures Commission Merchants – Schedule for Required Measures under Tiered Protection
- Type 2:
non-type 1 organizations
- If the data security management policy of a Taiwan subsidiary or branch of a foreign group is controlled and established by the foreign parent company or head office, it should follow the relevant control measures established or set up by the parent company or head office prevail if they provide for better regulation; if no such measures are in place, the policy shall be in accordance with the Taiwan laws and regulations.
- The reference guidelines below address matters to be observed by types 1 and 2 organizations unless otherwise specially remarked.
|