| Article 7 |
Under Paragraph 2, Article 17 of the Act, after the completion of the notification of the cyber security incident to the notified agency, the review of the level of such cyber security incident shall be completed within the following timeframes, and its level may be changed according to the review results:<br/>1. Within eight hours after receipt of the notification of a level-1 or level-2 cyber security incident.<br/>2. Within two hours after receipt of the notification of a major cyber security incident.<br/>After completion of the required review of the level of the cyber security incident to the notified agency, the agencies under the preceding paragraph shall notify the competent authority of the review results within one hour, and shall provide information relating to the basis of the reviews.<br/>Upon receipt of the notifications under the preceding paragraph, the competent authority shall further review the level of the cyber security incident according to the relevant information, and may change its level according to the review result. However, where it is deemed necessary, or where the agencies under the preceding paragraph fail to notify of the required review results, the competent authority may directly review such cyber security incident and may change its level. |
|