|
Article 10
|
The cyber security responsibility levels of each agency shall be determined in accordance with the preceding six articles; however, when the government agency submits or approves the cyber security responsibility levels under Paragraphs 1 to 5 of Article 3, the levels of each agency may be adjusted, by taking into consideration the degree of impact of the following matters on national security, social public interests, the security of people’s lives, body, or properties, or the reputation of the government agency:<br/>1. If its business involves foreign affairs, national defense, homeland security, or its business involves nationwide, regional or local energy, water resources, telecommunication, transportation, banking & finance, emergent rescues, and hospitals.<br/>2. If its business involves personal information, official confidentiality, or other information which should be confidential by law or by contract - the quantity and nature of such information, and the unauthorized access, use, control, breach, damage, tampering, destruction or other infringement.<br/>3. Depending on different levels of each agency - the impact on, failure, or interruption of its functions.<br/>4. Other concrete matters relating to the provision, maintenance operation, size, or nature of information and communication system.
|