Info security management act passed - Taipei Times
Sat, May 12, 2018 - Page 3 News List

Info security management act passed

CONSENSUS: In a rare display of cross-party unity, DPP and KMT lawmakers approved the law to push forward a national information and communication security policy

By Sean Lin / Staff reporter

Lawmakers across party lines yesterday passed the Information and Communication Security Management Act (資通安全管理法) to tackle the challenges posed by threats to government information security by deploying public and private resources.

The passage of the act provided a rare example of cross-party unity, with the Chinese Nationalist Party (KMT) caucus agreeing to let motions filed by the Democratic Progressive Party (DPP) caucus to revise several key articles pass without requesting that they be put to a vote.

Under the act, the Executive Yuan — the agency governing the act — should plan and push forward a national information and communication security policy, facilitate development of a local information security sector and promote international exchanges.

It should regularly publish reports on the level of the nation’s information security and government agencies’ performance in safeguarding their data, the act says.

The Executive Yuan should define the responsibilities of each agency, public foundation and state-run enterprise to ensure information security according to its rank, the importance of its work, and the sensitivity and size of the data it protects, and assign a level of accountability accordingly, it says.

In addition, the Executive Yuan is to establish a channel of communication between agencies to facilitate exchanges of intelligence on information security and threats.

Central and local government agency heads should appoint their deputies or other suitable personnel as their chief information security officer, whose job is to monitor and lead information protection tasks within their agencies.

Agencies at all levels should devise reporting and response measures and report to the Executive Yuan and, if applicable, their parent agencies, whenever they encounter an information security event.

To obtain key infrastructure necessary to safeguard information security, responsible central government agencies should select private companies by consulting other concerned agencies, civic groups or experts before submitting a list of companies they want to hire to the Executive Yuan for approval.

Selected private companies are required to report the execution of information safeguarding plans to their respective hiring agency, which would then examine the report.

Civil servants who fail to perform their duties as stipulated in the act are to be punished according to the rules, which are to be set by the Executive Yuan.

Public foundations and state-run businesses that fail to introduce, implement or improve information protection policies at the request of their governing agencies are to be fined between NT$100,000 and NT$1 million (US$3,359 and US$33,587) if they do not make the necessary improvements after a prescribed period.

Central government agencies that fail to supervise the private firms they contract are to be subject to the same fine.

Public foundations and state-run companies that fail to report information security incidents to their central governing agencies are to be fined between NT$300,000 and NT$5 million and will be repeatedly fined until they make improvements.
