Search Results

Enforcement Letter

 
Organisation: Financial Supervisory Commission
Issue No.: Financial-Supervisory-Securities-Auditing-11003656544 
Issue Date: 2021/12/28
Content:     Order of the Financial Supervisory Commission

    Issue date: 28 December 2021
    Issue number: Financial-Supervisory-Securities-Auditing-11003656544

  1. This Order is issued pursuant to Article 9-1, paragraph 2 of the Regulations Governing Establishment of Internal Control Systems by Public Companies.
  2. TWSE and TPEx listed companies shall allocate adequate human resources and equipment with responsibility for the planning and monitoring of their information security system and the implementation of their information security maintenance operations. The following provisions apply to the allocation of adequate human resources:
    1. A company meeting any of the conditions listed below shall, by the end of 2022, appoint a person with overall responsibility for the promotion of information security policies and the deployment of related resources to serve on a concurrent basis as chief information security officer, and establish a dedicated information security unit. That unit shall be staffed by a dedicated departmental chief officer and at least two dedicated personnel who are specifically responsible for information security-related work or duties.
      1. Paid-in capital of NT$10 billion or more.
      2. At the end of the previous year, it was a constituent company of the FTSE TWSE Taiwan 50 Index as announced by the TWSE.
      3. In the most recent fiscal year, revenue from the transfer of ownership of goods or the provision of services through the Internet or other electronic media accounted for 80 percent or more of the operating revenue in the financial report for that fiscal year, or, in the most recent 2 fiscal years, revenue from the transfer of ownership of goods or the provision of services through the Internet or other electronic media accounted for 50 percent or more of the operating revenue in the financial reports for those 2 fiscal years combined.
    2. TWSE and TPEx Companies that do not fall under the preceding subparagraph and have not had consecutive deficits in their income before tax in each of the 3 most recent years and furthermore had net worth per share not less than par value in the financial report for the most recent fiscal year shall, by the end of 2023, have a dedicated chief officer of information security and at least one dedicated information security personnel member.
  3. A TWSE or TPEx listed company that meets the condition in subparagraph (1) of the preceding point on or after 1 January 2023, or that meets the condition in subparagraph (2) of the preceding paragraph on or after 1 January 2024, shall, within 6 months from the time it meets the applicable condition, make the adjustments necessary to allocate the adequate human resources for information security.
  4. This Order is effective from 1 January 2022.