|
Article 4
|
A securities firm authenticating ID by mobile ID shall formulate an information security mechanism, including the following:
- An information security policy shall be formulated in respect of the process of data transmission, data storage, and other aspects of the security control mechanism concerning a principal using mobile ID to authenticate identity.
- Records or trails of a principal’s use of mobile ID shall be retained.
- A review procedure shall be developed against unauthorized use in regard to data furnished by a principal.
- A cyber security incident notification procedure shall be developed.
|