|
Article 11
|
Each agency shall conduct the matters specified in Schedule 1 to Schedule 8, depending on its cyber security responsibility levels.<br/>For the information and communication system that is developed by each agency itself or outsourced for the development, each agency shall complete the classification of information and communication system according to the principles of classification of defense requirements of information and communication system specified in Schedule 9, and shall implement control measures according to the defense standards of information and communication system specified in Schedule 10; if the central authority in charge of relevant industry of a specific non-government agency considers it is necessary to otherwise provide for defense standards of specific types of the information and communication systems, it may propose by itself the defense standards and report such standards to the competent authority for approval, and shall follow the requirements of such standards, if approved.<br/>In conducting the matters specified in Schedule 1 to Schedule 8 or implementing control measures specified in Schedule 10, if each agency has apparent difficulties in conducting or implementing specific matters or control measures due to such factors as technical limitation, design, structure or nature of individual cyber systems, it may, with consent of each agency submitting its levels under Paragraph 2 to Paragraph 4 of Article 3 or each agency approving its levels under Paragraph 5 of the same article, and upon reporting to the competent authority for recordation, be exempted from the implementation of such matters or control measures.<br/>The government agency whose cyber security responsibility levels are Level-A or Level-B shall report the implementation status of matters under Paragraph 1 and Paragraph 2 in the manner designated by the competent authority.<br/>The central authority in charge of relevant industry may require the specific non-government agency regulated under their charge to report the implementation status of matters under Paragraph 1 and Paragraph 2 in the manner designated.
|