Chapter II. Government Agency Cyber Security Management |
| Article 10 | A government agency shall satisfy the requirements of the cyber security responsibility level, and take into account the category, quantity and attribute of the information reserved or processed, along with the scale and attribute of the information and communication system, to stipulate, amend and implement the cyber security maintenance plan. |
|
| Article 11 | A government agency shall staff the position of Cyber Security Officer, which to be concurrently served by the deputy head or other appropriate personnel as designated by the agency head. The Cyber Security Officer shall assume the responsibility to carry out and oversee the cyber security business of the agency. |
|
| Article 12 | A government agency shall submit to the superior or supervisory authority about the implementation of the cyber security maintenance plan annually. Without such superior authority, the implementation report of the cyber security maintenance plan shall be submitted to the competent authority. |
|
| Article 13 | A government agency shall audit the subordinate authority under its supervision about the implementation of the cyber security maintenance plan.
When an agency is audited and found defective or needing improvement in the cyber security maintenance plan, it shall submit the improvement report to the auditing agency and the superior or the supervisory authority. |
|
| Article 14 | To cope with cyber security incident, a government agency shall stipulate the reporting and responding mechanism.
When privy to a cyber security incident, the government agency shall report to the superior or supervisory authority as well as tothe competent authority. Without such superior authority, the government agency shall report to the competent authority.
A government agency shall file a report on the investigation, handling and improvement on the cyber security incident, and shall submit the report to the superior or supervisory authority as well as the competent authority. Without a superior authority, the government agency shall submit to the competent authority.
Regulations regarding the essentials of the reporting and responding mechanism, content of notification, submittal of report and other matters in the three preceding Paragraphs shall be stipulated by the competent authority. |
|
| Article 15 | Personnel affiliated with government agencies who have excellent performance in maintaining the agency’s cyber security shall be incentive awarded.
Regulations for such incentive award in the preceding Paragraph shall be stipulated by the competent authority. |
|