Article 9
|
A public company that uses a computerized information processing system shall, in addition to clearly differentiating the functions and duties of information and user departments, include at least the following control procedures:
- A clear division of the functions and duties of the information-processing department;
- Control of system development and program modification;
- Control of preparing system documentation;
- Program and data access control;
- Data input/output control;
- Data processing control;
- File and equipment security control;
- Control of purchase, usage, and maintenance of software and hardware;
- Control of system recovery plan and testing procedures;
- Control of information flow security inspection;
- Control of relevant procedures for disclosing and reporting information on websites designated by the FSC.
|