|
Article 11
|
Where deficiencies or areas for improvement are identified in the implementation of an audited agency’s cyber security maintenance plan, the audited agency shall, within one month after the auditing agency delivers the audit report, submit a corrective action report in accordance with Paragraph 1, Article 6 of the Enforcement Rules of the Act to the government agency that receives reports on the implementation of its cyber security maintenance plan pursuant to Article 14 of the Act, or to the central competent authority in charge of the relevant sector for review; the reviewing agency shall then forward the report to the competent authority. For audits conducted pursuant to Paragraph 2, Article 5, the reviewing agency shall forward the audit results together with the report to the competent authority.<br/>After submitting a corrective action report, the audited agency shall, in accordance with Paragraph 2, Article 6 of the Enforcement Rules of the Act, submit the implementation status of the corrective action report to the government agency that receives reports on the implementation of its cyber security maintenance plan pursuant to Article 14 of the Act or to the central competent authority in charge of the relevant sector for review; the reviewing agency shall then forward the report to the competent authority.<br/>Where the agency receiving the corrective action report under Paragraph 1 or the agency receiving the implementation status of the corrective action report under the preceding paragraph deems it necessary, it may require the audited agency to provide explanations or make adjustments.
|