|
Article 9
|
A public company that uses a computerized information processing system shall, in addition to clearly differentiating the functions and duties of information and user departments, include at least the following control procedures:<br/>1. A clear division of the functions and duties of the information-processing department;<br/>2. Control of system development and program modification;<br/>3. Control of preparing system documentation;<br/>4. Program and data access control;<br/>5. Data input/output control;<br/>6. Data processing control;<br/>7. File and equipment security control;<br/>8. Control of purchase, usage, and maintenance of software and hardware;<br/>9. Control of system recovery plan and testing procedures;<br/>10. Control of information flow security inspection;<br/>11. Control of relevant procedures for disclosing and reporting information on websites designated by the FSC.
|