|
Article 21
|
Specific non-government agencies other than critical infrastructure providers shall comply with the requirements of their assigned cyber security responsibility levels, appoint dedicated cyber security personnel, and, considering the types, volume, and nature of the information they possess or process, as well as the scale and nature of their information and communication systems, formulate, revise, and implement cyber security maintenance plans.<br/>The central competent authority in charge of the relevant sector may require the specific non-government agencies under its supervision provided in the preceding paragraph to report on the implementation of their cyber security maintenance plans.<br/>The central competent authority in charge of the relevant sector may audit the implementation of the cyber security maintenance plans of the specific non-government agencies under its supervision provided in Paragraph 1. Where deficiencies or areas for improvement are identified, the audited specific non-government agencies shall, within a designated period, submit corrective action report.<br/>The central competent authority in charge of the relevant sector shall, in the manner prescribed, submit the audit results and corrective action reports to the competent authority.
|