Article 23 (Flaw Remediation)
- Flaw detection of the information and communication system conducted by an organization shall cover all information assets in principle. In flaw remediation, effectiveness and potential impact shall be tested. Regular updates shall be made.
- An organization shall ascertain periodically the status of flaw remediation pertaining to the information and communication system and prescribe a time limit for remediation by the level of risk of the flaw discovered and whether external services are offered. Protection and detection of irregularities shall be strengthened before remediation, to ensure prompt and effective vulnerability management.