|
Article 8
|
When conducting audits, the auditing agency may require the audited agency to provide explanations regarding the implementation of its cyber security maintenance plan, render assistance, or provide relevant documents and supporting materials for the audit team’s review, and may carry out the following matters. The audited agency and its personnel shall cooperate accordingly:<br/>1. Pre-audit interviews.<br/>2. Onsite audits or other suitable audit approaches.<br/>Where the audited agency is unable, for legally justifiable reasons, to provide explanations, render assistance, or provide materials for the audit team’s review under the preceding paragraph, it shall submit a written statement of reasons to the auditing agency referred to in the preceding paragraph, which shall review the matter upon receipt.<br/>Where, after conducting the review referred to in the preceding paragraph, the auditing agency finds the reasons justified, it shall record the basis of the review and the relevant information in the audit report and may suspend all or part of the audit operations. Where it finds the reasons unjustified, it shall require the audited agency to proceed in accordance with Paragraph 1. Where audit operations have been suspended, the auditing agency referred to in Paragraph 1 may resume the audit at another scheduled time and deliver a written notice to the audited agency ten days before the audit.
|