|
Article 20
|
The following situations qualify for disciplinary action:<br/>1. Serious failure to handle the following matters in accordance with the Act, regulations made under its authority, or internal agency rules:<br/>(1)Cyber Security Information Sharing Operation.<br/>(2)Establish, amend, and carry out cyber security maintenance plans.<br/>(3)Propose the implementation of cyber security maintenance plans.<br/>(4)Develop the audit of the implementation of cyber security maintenance plans.<br/>(5)Submit an improvement report based on the audit findings from reviewing how the competent authority and the agencies referred to in Article 15 implemented their cyber security maintenance plan.<br/>(6)Establish the notification and response mechanism of the cyber security incident.<br/>(7)The notification or response operation of the cyber security incident.<br/>(8)Submit reports detailing the investigation, response, and corrective actions for cyber security incidents.<br/>2. Cyber security businesses were judged poor by the competent, superior, or supervisory authority; counseling failed and the situation is serious.<br/>3. Other violations of the Act, regulations issued under it, or an agency’s internal rules that are of a serious nature.<br/>4. For poor supervision of business operations, resulting in personnel of their subordinates, affiliated units, or supervised agencies being in any situation of the preceding three subparagraphs.
|