|
Article 12
|
After the specific non-government agency has completed the notifications of cyber security incident, the central competent authority in charge of the relevant sector shall complete verification of the level of such cyber security incident within the following timeframes, and may change its level according to the review results:<br/>1. Within eight hours after receipt of the notification of a level-1 or level-2 cyber security incident.<br/>2. Within two hours after receipt of the notification of a major security incident.<br/>Once the central competent authority in charge of the relevant sector completes the review of a cyber security incident as required above, it must, within one hour, send the review findings, the grounds for the decision, and any other necessary information to the competent authority using the method specified by that competent authority.<br/>Upon receipt of the documentation under the preceding paragraph, the competent authority may review the level of the cyber security incident, and may change its level. However, where it is deemed neces-sary, or where the agencies under the preceding paragraph fail to notify of the required review results, the competent authority may directly review such cyber security incident and may change its level.
|