Title: Reference Guidelines on the Protection of the Information and Communication Systems of Service Enterprises in Securities and Futures Markets

Announced Date: 2024.01.09 (Article 15 amended, English version coming soon)
Current English version amended on 2022.04.26 
Categories: Information Operations
Article 19     (System Development Life Cycle – Development and Testing Stage)
  1. The information and communication system shall implement necessary control measures with regard to safety requirements.
  2. The information and communication system shall take notice of and prevent common software flaws and implement necessary control measures.
  3. When an error occurs in the information and communication system, the user page only shows a short error message and code, excluding details of the error.
  4. It is advisable for an organization offering online ordering services to perform “source code scan” for purposes of safety testing of its core systems.
  5. It is advisable for the core systems of a type 1 organization to be equipped with an alert mechanism against serious errors.
  6. An organization offering online ordering services shall perform regular vulnerability scans of the information and communication system (at least on a biannual basis) for purposes of safety testing.
  7. An organization offering online ordering services shall perform regular penetration tests on the core systems which offer online services for purposes of safety testing.