|
Article 2
|
The organizations governed by these Directions include securities firms, futures commission merchants, securities investment trust enterprises and securities investment consulting enterprises. These organizations are grouped in two categories, as described below:
- Category 1:
Organizations that appoint the Chief Information Security Officer in accordance with Article 36-2 of the Regulations Governing the Establishment of Internal Control Systems by Service Providers in Securities and Futures Markets.
- Category 2:
Organizations not in Category 1.
- For Taiwanese subsidiaries or branches of a foreign business group whose information security, business continuity, or operation resilience management policies are controlled and established by its foreign parent company or head office, if their parent company or head office has established or created relevant control measures with better regulations, these regulations shall govern. If otherwise, local laws and regulations shall govern.
- Unless otherwise specified below, the following reference directions cover the compliance matters applicable to the organizations in both Categories 1 and 2.
|