|
Article 10
|
A service enterprise that uses a computerized information processing system shall, in addition to clearly differentiating the functions and duties of information and user departments, at least include the following control procedures:<br/>1. Clear demarcation of the functions and duties of the information-processing department.<br/>2. Control of system development and program modification.<br/>3. Control of preparation of system documentation.<br/>4. Program and data access control.<br/>5. Data input/output control.<br/>6. Data processing control.<br/>7. File and facility security control.<br/>8. Control of purchase, usage, and maintenance of hardware and system software.<br/>9. Control of system recovery plan and testing procedures.<br/>10. Control of information and communications security inspection.<br/>11. Control of relevant procedures, if required, for disclosing and reporting public information on a website designated by the competent authority.
|