Article 2
The organizations governed by these Directions include securities firms, futures commission merchants, securities investment trust enterprises and securities investment consulting enterprises. These organizations are grouped in two categories, as described below:
- Category 1:
  - Organizations that appoint the Chief Information Security Officer in accordance with Article 36-2 of the Regulations Governing the Establishment of Internal Control Systems by Service Providers in Securities and Futures Markets.
  - Tier 1, 2 and 3 securities firms as listed in the Establishment of Inspection Mechanism for Securities Firm’s Information and Communication Security – Required Actions for Tiered Protection Schedule.
  - Tier 1, 2 and 3 futures commission merchants as listed in the Establishment of Inspection Mechanism for Futures Commission Merchant’s Information and Communication Security – Required Actions for Tiered Protection Schedule.
- Category 2:
  - Organizations not in Category 1.
- For Taiwanese subsidiaries or branches of a foreign business group whose information security, business continuity, or operation resilience management policies are controlled and established by their foreign parent company or head office, if their parent company or head office has established or created relevant control measures with better regulations, these regulations shall govern. If otherwise, local laws and regulations shall govern.
- Unless otherwise specified below, the following reference directions cover the compliance matters applicable to the organizations in both Categories 1 and 2.