Article 9
(Identification of Access Risk of an Information Service Supplier)
The project officer shall conduct a risk assessment taking the following into consideration where it is necessary for an information service supplier to access the information assets and trade secrets of an organization:
- Laws and regulations or competent authority regulations shall be complied with. Security control shall be designed in accordance with the principle of least privilege and minimum disclosure necessary for the outsourcing.
- Control measures for the acquisition, use, safekeeping, inquiry, revision, adjustment, and destruction of an organization’s information assets and trade secrets shall be taken into account in their control and management.
- An information service supplier’s responsibility for protection:
  - An organization shall require that the access control measures of an information service supplier not be inferior to the terms of the agreement with the organization and Article 7, paragraphs 1 and 2 of the Trade Secrets Act.
  - An organization shall require an information service supplier to warrant that use of the information asset or trade secret concerned is limited to the scope of application.