|
Article 6
|
The cyber security maintenance plan under Article 10, Paragraph 2 of Article 16, and Paragraph 1 of Article 17 of the Act shall include the following:<br/>1. Core businesses and their significance.<br/>2. Cyber security policy and objectives.<br/>3. The organization promoting cyber security.<br/>4. The deployment of dedicated manpower and fund.<br/>5. The deployment of Cyber Security Officer of the government agency.<br/>6. The inventory of information and communication systems and information, and indicating the core ones and relevant assets.<br/>7. Risk assessments of cyber security.<br/>8. Protection and control measures for cyber security.<br/>9. The notification, response and rehearsal mechanisms relating to cyber security incidents.<br/>10. Cyber security information assessment and response mechanism.<br/>11. Management measures for outsourced information and communication system or service.<br/>12. Assessment mechanism for personnel of the government agency who conducts business involving cyber security matters.<br/>13. The continual improvement and performance management mechanism for the cyber security maintenance plan and implementation status.<br/>The implementation of cyber security maintenance plans submitted by each agency under Article 12, Paragraph 3 of Article 16, or Paragraph 2 of Article 17 of the Act shall include the implementation results of and relevant explanations for those under each subparagraph of the preceding paragraph.<br/>The stipulation, amendment, and implementation of the cyber security maintenance plans under Paragraph 1, and the submission of the implementation thereof to be conducted by a government agency may, with consent of its superior or supervisory authority, be conducted by its superior or supervisory authority or another government agency subordinate to its superior or supervisory authority; and in case of a specific non-government agency, the same may, with consent of its central authority in charge of relevant industry, be conducted by its central authority in charge of relevant industry, a subordinate government agency of such central authority in charge of relevant industry, or another specific non-government agency regulated by the central authority in charge of relevant industry.
|