|
Article 6
|
When government agencies or specific non-government agencies (hereinafter referred to as “agencies”) submit a corrective action report in accordance with Paragraph 2, Article 8; Paragraph 1, Article 16; Par-agraph 5, Article 20; or Paragraph 3, Article 21 of the Act, they shall present the following information based on the audit findings regarding the implementation of their cyber security maintenance plans:<br/>1. Items and content found deficient or requiring improvement.<br/>2. Cause(s) of occurrence.<br/>3. Measures implemented across management, technical, human resources, or other resource dimen-sions to correct deficiencies or strengthen areas requiring improvement.<br/>4. The scheduled completion timeline for the aforementioned measures in the preceding subparagraph and the methods for tracking implementation progress.<br/>Following submission of the corrective action report as stipulated in the preceding paragraph, agencies shall submit a report on the implementation status of the corrective action report within the timeframe and according to the procedures designated by the auditing agency.
|