|
Article 20
|
The following situations qualify for disciplinary action:<br/>1. Failure to handle the following matters in accordance with the Act, regulations prescribed under the Act, or the agency’s internal rules, where the circumstances are significant:<br/>(1) Cyber security information sharing operations.<br/>(2) Formulation, revision, and implementation of cyber security maintenance plans.<br/>(3) Submission of reports on the implementation of cyber security maintenance plans.<br/>(4) Audit of implementation of cyber security maintenance plans.<br/>(5) Submission of a corrective action report in response to the audit results of the implementation of cyber security maintenance plans conducted by the competent authority and the agencies referred to in Article 15 of the Act.<br/>(6) Establishment of reporting and response mechanisms for cyber security incidents.<br/>(7) Reporting or response operations for cyber security incidents.<br/>(8) Submission of investigation, handling, and corrective action reports regarding cyber security incidents.<br/>2. Poor performance in handling cyber security affairs, as rated by the competent authority, a superior authority, or a supervisory authority, where guidance has proved ineffective and the circumstances are significant.<br/>3. Other violations of the Act, regulations made under its authority, or an agency’s internal rules in a serious circumstance.<br/>4. Poor supervision of task operations resulting in their subordinates or personnel of affiliated units or supervised agencies falling in any circumstance of the preceding three subparagraphs.
|