Chapter V. Commendation and Disciplinary Action |
| Article 18 | Government agencies may, in accordance with these Regulations, set their own criteria for commendation and disciplinary action for cyber security matters handled by their personnel. |
|
| Article 19 | The following situations qualify for commendation:
1. In accordance with the Act, regulations made under its authority or the agency’s internal rules, for mulation, revision, and implementation of cyber security maintenance plans and achievement of outstanding performance.
2. Achievement of outstanding performance when conducting audits of the implementation of cyber security maintenance plans under Article 15 of the Act or cyber security drill operations.
3. Cooperation with the competent authority and the agencies designated under Article 15 of the Act in auditing the implementation of cyber security maintenance plans, conducting cyber security drills, or in the performance evaluations and commendation procedures for government agency cyber security tasks, and achievement of outstanding performance upon assessment.
4. Appropriate implementation of cyber security tasks to prevent cyber security incidents and thereby protect this agency, other agencies, or the public from damage.
5. Active identification of new types of cyber security vulnerabilities or intrusion threats and sharing of cyber security information to prevent incidents or minimize their damage.
6. Active monitoring of anomalies in cyber security maintenance, prompt detection of major cyber security incidents, and implementation of reporting and response measures to prevent further spread of damage.
7. Proposal and implementation of concrete suggestions or innovative solutions for cyber security tasks.
8. Management of training and cultivation of cyber security personnel, with tangible contributions.
9. Handling affairs concerning the research and development, integration, application, industry-aca demia collaboration, or industrial development of cyber security technology, with tangible contributions.
10. Development of technical specifications for cyber security hardware and software, related services, and verification mechanisms, with tangible contributions.
11. Development of cyber security policies, legal analysis, or international cooperation efforts, with tangible contributions.
12. Cooperation with the competent authority in mobilization operations, with excellent performance or tangible contributions.
13. Development of other cyber security tasks, with tangible contributions. |
Info |
| Article 20 | The following situations qualify for disciplinary action:
1. Failure to handle the following matters in accordance with the Act, regulations prescribed under the Act, or the agency’s internal rules, where the circumstances are significant:
(1) Cyber security information sharing operations.
(2) Formulation, revision, and implementation of cyber security maintenance plans.
(3) Submission of reports on the implementation of cyber security maintenance plans.
(4) Audit of implementation of cyber security maintenance plans.
(5) Submission of a corrective action report in response to the audit results of the implementation of cyber security maintenance plans conducted by the competent authority and the agencies referred to in Article 15 of the Act.
(6) Establishment of reporting and response mechanisms for cyber security incidents.
(7) Reporting or response operations for cyber security incidents.
(8) Submission of investigation, handling, and corrective action reports regarding cyber security incidents.
2. Poor performance in handling cyber security affairs, as rated by the competent authority, a superior authority, or a supervisory authority, where guidance has proved ineffective and the circumstances are significant.
3. Other violations of the Act, regulations made under its authority, or an agency’s internal rules in a serious circumstance.
4. Poor supervision of task operations resulting in their subordinates or personnel of affiliated units or supervised agencies falling in any circumstance of the preceding three subparagraphs. |
Info |
| Article 21 | When a government agency carries out regular performance reviews of its personnel, it shall consider the commendation and disciplinary actions described in the preceding two articles. Reviews should be based on the actual causes and course of events, the individual’s motives, purpose, methods, and conduct, and the effects of their actions. For personnel who are hired, on contract, or otherwise employed by the agency, any commendation or disciplinary action shall also be taken into account when deciding on renewal of appointment or employment. |
|
| Article 22 | Before disciplining personnel for any situation under each subparagraph of Article 20, a government agency must give the person an opportunity for defense; where necessary, it may seek advice from relevant experts and scholars on the technical matters of cyber security. |
Info |