|
Article 9
|
The cyber security maintenance plans specified in Article 13, Paragraph 2 of Article 20, and Paragraph 1 of Article 21 of the Act shall include the following items:<br/>1. Core business and their importance.<br/>2. Cyber security policies and goals.<br/>3. Cyber security promotion organization.<br/>4. Allocation of full-time staff and funding.<br/>5. Establishment of cyber security officer.<br/>6. Conduct an inventory of information and communication systems, and identify core information and communication systems and related assets.<br/>7. Cyber security risk management.<br/>8. Cyber security defense and control measures.<br/>9. The notification, response and exercise mechanism of the cyber security incident.<br/>10. Mechanisms for assessing and responding to cyber security information.<br/>11. Management measures for outsourced information and communication systems or services.<br/>12. Evaluation framework for cyber security compliance in business operations conducted by organiza-tional personnel.<br/>13. Continuous improvement of cyber security maintenance plans and implementation status and per-formance management mechanisms.<br/>Various agencies shall include the execution results and relevant explanations of each subparagraph men-tioned above when submitting reports on the implementation status of their cyber security maintenance plans as required under Article 14, Paragraph 3 of Article 20, or Paragraph 2 of Article 21 of the Act.<br/>The development, revision, and implementation of cyber security maintenance plans, as well as the sub-mission of implementation reports, may be carried out by the receiving agencies or their subordinate or supervisory government agencies, their governed villages (townships/cities), mountain indigenous district offices of special municipalities, and the subordinate or supervisory government agencies of such gov-erned villages (townships/cities) and mountain indigenous district offices of special municipalities, and the representative councils of the villages (townships/cities) and Mountain Indigenous Districts of Spe-cial Municipalities councils, with consent from the agencies receiving such implementation reports under Article 14 of the Act. Similarly, specific non-government agencies may delegate these responsibilities to the central competent authority in charge of the relevant sector, the subordinate or supervisory government agency of the central competent authority in charge of the relevant sector, the specific non-government agency under their charge by the central authority in charge of relevant industry, subject to approval from the central competent authority in charge of the relevant sector.
|