Law Viewer

Back Home

ENFORCEMENT DECREE OF THE ACT ON THE PROMOTION OF INFORMATION SECURITY INDUSTRY

Presidential Decree No. 26728, Dec. 22, 2015

Amended by Presidential Decree No. 28210, Jul. 26, 2017

Presidential Decree No. 29670, Apr. 2, 2019

 Article 1 (Purpose)
The purpose of this Decree is to prescribe matters delegated by the Act on the Promotion of Information Security Industry and matters necessary for the enforcement of such delegated matters.
 Article 2 (Scope of Public Institutions)
"Corporations, organizations and institutions prescribed by Presidential Decree" in Article 2 (1) 5 (d) of the Act on the Promotion of Information Security Industry (hereinafter referred to as the "Act") means schools prescribed in Article 2 of the Elementary and Secondary Education Act; schools prescribed in Article 2 of the Higher Education Act; or schools founded or established pursuant to other statutes.
 Article 3 (Formulation of Plan for Promoting Information Security Industry)
(1) The Minister of Science and ICT shall formulate a plan for promoting the information security industry under Article 5 (1) of the Act (hereinafter in this Article referred to as "promotion plan") by December 31 of the year preceding the year in which the promotion plan is implemented. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(2) The Minister of Science and ICT may formulate a promotion plan including matters necessary for the detailed implementation thereof each year. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(3) Where the Minister of Science and ICT formulates a promotion plan pursuant to paragraph (1), he or she shall immediately notify the heads of relevant central administrative agencies, local governments, and relevant public institutions of the promotion plan, and publicly notify the details thereof. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
 Article 4 (Submission of Information on Purchase Demand)
(1) The head of an administrative agency or public institution referred to in subparagraph 2 of Article 2 of the Electronic Government Act (hereinafter referred to as "public institution, etc.") shall annually submit information on purchase demand (hereinafter referred to as "information on purchase demand") for information security technology, information security products, and information security services (hereinafter referred to as "information security technology, etc.") provided by information security enterprises to the Minister of Science and ICT, by the deadlines classified as follows, pursuant to Article 6 (1) of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Information on purchase demand of the relevant year: March 31;
2. Information on purchase demand of the following year: October 31.
(2) The Minister of Science and ICT shall convene meetings of a deliberative committee under Article 6 (3) of the Act within 30 days from the deadlines prescribed in paragraph (1) 1 and 2. In such cases, the period of deliberation shall not exceed 15 days. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(3) The Minister of Science and ICT may construct and operate a purchase demand information system on information security technology, etc. provided by information security enterprises in order to efficiently conduct affairs related to submitting and providing information on purchase demand under Article 6 (1) and (2) of the Act. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
 Article 5 (Payment of Reasonable Prices for Information Security Products and Information Security Services)
(1) The Minister of Science and ICT shall formulate standards for calculating reasonable prices for information security products and information security services for developing the information security industry and the quality assurance of information security products and information security services. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(2) The Minister of Science and ICT may disclose the outcomes of investigations conducted through public-private partnership monitoring pursuant to Article 10 (2) of the Act on a quarterly basis via the website, etc. of the Ministry of Science and ICT. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(3) Where the Minister of Science and ICT intends to request the heads of public institutions to submit data pursuant to Article 10 (5) of the Act, he or she shall pre-notify them of the following matters in writing: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Grounds for requesting submission;
2. Deadline for submission;
3. Specific matters of data to be submitted;
4. Means for and types of data to be submitted;
5. Methods of utilizing data to be submitted.
 Article 6 (Requirements and Procedures for Registration of Agencies Evaluating Level of Information Security Preparedness)
(1) "Matters prescribed by Presidential Decree, such as documents that may prove the human, technical and financial capability" in Article 12 (2) 3 of the Act means the following documents:
1. Documents that may prove human, technical, and financial capability necessary to evaluate the level of information security preparedness;
2. Documents that may prove the independence of an evaluation agency registered pursuant to Article 12 (2) of the Act (hereinafter referred to as "agency for evaluating the level of information security preparedness") and the fairness of evaluation and deliberation;
3. Documents concerning the regulations for evaluation conducted an agency for evaluating the level of information security preparedness;
4. Documents that may prove that an agency for evaluating the level of information security preparedness has facilities for evaluating the level of information security preparedness.
(2) A person who intends to apply for registration of an agency for evaluating the level of information security preparedness shall submit an application for registration as such, to the Minister of Science and ICT along with the following documents: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Documents under Article 12 (2) 1 and 2 of the Act;
2. Documents under the subparagraphs of paragraph (1).
(3) Where a person who applies for registration pursuant to paragraph (2) is a corporation, the Minister of Science and ICT shall verify a certificate of incorporation through administrative data matching information under Article 36 (1) of the Electronic Government Act. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(4) Where an application for registration under paragraph (2) meets requirements for registration specified in attached Table 1, the Minister of Science and ICT shall issue a certificate of registration of an agency for evaluating the level of information security preparedness prescribed by Ordinance of the Ministry of Science and ICT, to the applicant within 60 days from the date of application. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(5) Where the Minister of Science and ICT deems it necessary to supplement documents submitted pursuant to paragraph (2), he or she may request the applicant to supplement documents within a fixed period not exceeding seven days from the date he or she notifies the applicant of a request to supplement documents. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(6) Where the applicant requests the Minister of Science and ICT to extend the period on the grounds that he or she is unable to complement documents within the period under paragraph (5), he or she may extend the period by up to 10 days excluding the first period requested to supplement documents.
(7) Where any of the following matters registered is modified, a person who has obtained the registration of an agency for evaluating the level of information security preparedness shall submit an application for modification of registration of the agency for evaluating the level of information security preparedness prescribed by Ordinance of the Ministry of Science and ICT to the Minister of Science and ICT, along with the original certificate of registration of the agency for evaluating the level of information security preparedness and documents that may prove the modification thereof within 30 days from the date grounds for the modification thereof occur: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Name, representative, or location of the agency for evaluating the level of information security preparedness;
2. Articles of incorporation or bylaws of association of the agency for evaluating the level of information security preparedness;
3. A plan for implementing a project to evaluate the level of information security preparedness;
4. Regulations for evaluation of the level of information security preparedness.
(8) Requirements for registration of agencies for evaluating the level of information security preparedness shall be as specified in attached Table 1.
 Article 7 (Requesting Agency for Evaluating Level of Information Security Preparedness to Provide Data)
The Minister of Science and ICT may verify the following matters on an agency for evaluating the level of information security preparedness to provide support under Article 12 (3) and (4) of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Whether the agency for evaluating the level of information security preparedness maintains requirements for registration under attached Table 1;
2. Performance outcomes of evaluating the level of information security preparedness;
3. Results of evaluating enterprises that have undergone the evaluation of the level of information security preparedness.
 Article 8 (Methods of Public Notification of Information Security)
(1) Where a person who provides information or mediates the provision thereof through an information and communications network discloses the status of information security pursuant to Article 13 of the Act, he or she shall include the following in the details thereof:
1. Status of investment in the information security field in comparison with the current status of investment in the information technology field;
2. Status of human resources exclusively in charge of the information security field in comparison with the current status of human resources in the information technology field;
3. Matters concerning certification, evaluation, examination, etc. related to information security (limited to applicable cases);
4. Status of other activities for information security performed by persons who use information and communications services under Article 2 (1) 1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.
(2) Where information security is disclosed pursuant to Article 13 (1) of the Act, the chief information security officer of the business entity that is to make a public notification, and obtain confirmation from the chief executive officer on the details of the public notification in advance.
(3) The Minister of Science and ICT may establish and operate an electronic public notification system to effectively make public notification of information security pursuant to Article 13 (1) of the Act. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(4) Except as provided in paragraphs (1) and (2), matters regarding preparation standards, methods and procedures for disclosing information security shall be determined and publicly notified by the Minister of Science and ICT. <Newly Inserted by Presidential Decree No. 29670, Apr. 2, 2019>
 Article 9 (Implementation of Projects for Standardization)
The Minister of Science and ICT may conduct the following affairs to revitalize the trade of information security technology and to ensure compatibility among information security products pursuant to Article 14 (4) of the Act. In such cases, he or she shall consult with the heads of related agencies about matters related to national security, such as ciphers or codes: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Research on demand for standards and formulating strategies for standards for domestic group standards and national standards related to information security technology, etc.;
2. Organizing and operating a committee in the Republic of Korea for developing and deliberating on international standards related to Information security technology, etc.;
3. Research on the trends of international standards related to information security technology, etc. and supporting the activities of Korean professionals related thereto;
4. Providing support for the confirmation of conformity to, application or utilization of standards related to information security technology, etc.;
5. Advertising on standards related to information security technology, etc.;
6. Education, etc. to nurture domestic and international professionals in standards related to information security technology, etc.
 Article 10 (Methods of Assessing Performance and Designation of Performance Assessment Agency)
(1) Assessing performance of an information security product under Article 17 (1) of the Act (hereinafter referred to as "performance assessment") shall include the following:
1. Performance of processing security functions of the information security product;
2. Whether the information security product realizes important functions related to information security other than the security functions thereof;
3. Performance of processing general functions other than information security functions when operating the information security product;
4. Efficiency of the information security product related to time and resources.
(2) The Minister of Science and ICT may designate the following institutions or organizations as an assessment agency under Article 17 (2) of the Act (hereinafter referred to as "performance assessment agency"): <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. The Korea Internet and Security Agency (hereinafter referred to as the "Korea Internet and Security Agency") established under Article 52 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.;
2. Corporations fully meeting the following requirements:
(a) Organizational structure and human resources to assess performance;
(b) Space for office work and testing, to assess performance;
(c) Facilities to assess performance;
(d) Procedures for operation to assess information security products subject to performance assessment.
(3) Any person who intends to undergo performance assessment pursuant to Article 17 (3) of the Act shall submit an application for performance assessment, products subject to performance assessment, and the following data, to a performance assessment agency:
1. A product manual;
2. A user guide;
3. Other data necessary for performance assessment.
(4) Except as provided in paragraphs (1) through (3), the Minister of Science and ICT shall prescribe and publicly notify necessary matters concerning methods and procedures for performance assessment, designation of a performance assessment agency, etc. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
 Article 11 (Information Security Technology Eligible for Designation as Excellent Information Security Technology)
The Minister of Science and ICT may designate any of the following information security technology, etc. as excellent information security technology, etc. pursuant to Article 18 (1) of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Information security technology, etc. deemed new, creative and commercializable, which has been developed in the Republic of Korea;
2. Information security technology, etc. deemed new, creative and commercializable in the Republic of Korea, which was imported from a foreign country and has been improved.
 Article 12 (Methods of Designation of Excellent Information Security Technology)
(1) Any person who intends to apply for designation as excellent information security technology, etc. under Article 18 (1) of the Act shall submit an application for designation prescribed by Ordinance of the Ministry of Science and ICT to the Minister of Science and ICT along with the following documents: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Name and development background of information security technology, etc.;
2. Details of information security technology, etc. (including the outline of information security technology, etc. and specific explanation of matters falling under the subparagraphs of Article 11);
3. Name of the person who has developed or improved information security technology, etc. (where the person is a corporation, referring to the name of the corporation and the name of the representative thereof);
4. Level of contribution to revitalizing the information security industry both domestically and internationally;
5. Outcomes of performance assessment, and other matters related to the findings of evaluation, testing and certification of information security technology, etc.
(2) The Minister of Science and ICT shall notify a person who applied for designation as excellent information security technology, etc. as to whether the designation as excellent information security technology, etc., is made within 90 days from the date he or she received the relevant application under paragraph (1). In such cases, he or she shall issue a written designation prescribed by Ordinance of the Ministry of Science and ICT to a person who obtains designation as excellent information security technology, etc. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(3) Where the Minister of Science and ICT designates excellent information security technology, etc., he or she may hear opinions of interested parties or opinions of institutions, organization, etc. related to excellent information security technology, etc. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(4) Except as provided in paragraphs (1) through (3), the Minister of Science and ICT shall prescribe and publicly notify necessary matters concerning specific methods, etc. for designation of excellent information security technology, etc. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
 Article 13 (Details of Support for Excellent Information Security Technology)
(1) The Minister of Science and ICT may provide the following support to a person who has obtained designation as excellent information security technology, etc. pursuant to Article 18 (1) of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Support for providing prototypes and commercialization;
2. Support for startup and advertising;
3. Support for new market opening and exportation.
(2) The Minister of Science and ICT shall prescribe and publicly notify necessary matters concerning procedures and methods for providing support and the details of support for excellent information security technology, etc. under paragraph (1). <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
 Article 14 (Support for Excellent Information Security Enterprises)
"Matters prescribed by Presidential Decree" in Article 19 (2) 4 of the Act means the following matters:
1. Providing support for international cooperation under Article 16 of the Act;
2. Subsidizing expenses incurred in assessing performance;
3. Providing support for exportation under Article 21 of the Act.
 Article 15 (Methods of Designation of Exemplary Information Security Enterprises)
(1) Any person who intends to apply for designation as an exemplary information security enterprise pursuant to Article 19 of the Act shall submit an application for designation prescribed by Ordinance of the Ministry of Science and ICT to the Minister of Science and ICT along with the following documents: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Data on the achievements that contributed to promoting the information security industry, such as developing and commercializing excellent information security technology, etc.;
2. Data evidencing the fact that the applicant is an information security enterprise or a statement of opinion of the Korea Information Security Industry Association established under Article 24 of the Act as to whether the applicant is an information security enterprise.
(2) Article 12 (2) and (3) shall apply mutatis mutandis to procedures for notification of whether an applicant is designated as an exemplary information security enterprise. In such cases, "excellent information security technology, etc." shall be construed as "exemplary information security enterprise."
(3) Except as provided in paragraphs (1) and (2), the Minister of Science and ICT shall prescribe and publicly notify necessary matters concerning detailed criteria, procedures, methods, etc. for examining designating exemplary information security enterprises. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
 Article 16 (Provision of Loans)
(1) Where an information security enterprise intends to obtain a loan pursuant to Article 20 (1) of the Act, it shall file an application for a loan with a financial institution that handles the relevant type of loan, on recommendation by the Minister of Science and ICT. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(2) The Minister of Science and ICT shall prescribe and publicly notify the terms of loans prescribed by him or her, such as interest rates, pursuant to Article 20 (1) of the Act, and detailed matters concerning methods and procedures for providing loans, institutions that handle loans, etc. under paragraph (1). <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
 Article 17 (Measures for Promotion of Exportation)
(1) The Minister of Science and ICT may take the following measures for promoting investment in the information security industry and expanding export markets: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Collecting and providing information and data on the overseas markets of the information security industry;
2. Establishing an international cooperation system to promote the exportation of the information security industry;
3. Inducing foreign and domestic investment in the information security industry and supporting overseas investment of Korean enterprises;
4. Researching policy measures for promoting investment in the information security industry and expanding export markets of the information security industry;
5. Overseas marketing and advertising related to the information security industry;
6. Other measures necessary for promoting investment in the information security industry and expanding export markets of the information security industry.
(2) The Minister of Science and ICT may provide the following support to promote the exportation of the information security industry pursuant to Article 21 (2) of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Providing consultation and advice on exporting information security products and information security services;
2. Subsidizing expenses incurred in holding and participating in exhibitions and academic conferences both domestically and internationally for promoting exportation;
3. Support for invitations and visits for negotiations for exportation;
4. Support for the overseas dispatch of human resources and the operation of overseas offices for promoting exportation;
5. Other support necessary for promoting exportation of the information security industry.
 Article 18 (Support for Small and Medium Enterprises related to Information Security)
The Minister of Science and ICT may provide the following support to small and medium enterprises, etc. (referring to small and medium enterprises, etc. under Article 5 (1) 5 of the Act; hereinafter the same shall apply) related to information security pursuant to Article 22 (2) of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Support for trade or commercializing information security technology developed pursuant to Article 14 of the Act;
2. Support for inducing foreign investment, international technology cooperation, and overseas expansion;
3. Support for obtaining intellectual property rights, such as national and international patent applications for core information security technologies;
4. Other matters the Minister of Science and ICT deems necessary for developing the information security industry and expanding investment in and nurturing small and medium enterprises, etc. related to information security.
 Article 19 (Authorization for Incorporation of Korea Information Security Industry Association)
(1) Any person who intends to incorporate the Korea Information Security Industry Association (hereinafter referred to as the "Association") under Article 24 (1) of the Act shall submit the following documents to the Minister of Science and ICT: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Articles of incorporation;
2. A list and curriculum vitae of promoters;
3. A list of intending members of the Association;
4. A business plan and forecast of revenues and expenditures;
5. Minutes of the inaugural meeting.
(2) The articles of incorporation under paragraph (1) 1 shall include the following:
1. Name and objectives of the Association;
2. Location of the head office;
3. Matters concerning affairs and the management thereof;
4. Matters concerning executive officers;
5. Matters concerning qualifications of members;
6. Matters concerning the amendment of the articles of incorporation;
7. Other matters necessary to operate the Association.
(3) Where the Minister of Science and ICT authorizes incorporation of the Association pursuant to Article 24 (1) of the Act, he or she shall publicly announce his or her authorization for incorporation thereof. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
(4) Where the Association intends to amend any matter under the subparagraphs of paragraph (2), it shall file an application for approval of the amendment thereof with the Minister of Science and ICT within 10 days from the date the general meeting of its members that has decided such amendment is closed. In such cases, where the Minister of Science and ICT authorizes the change of the name of the Association or the location of its office, he or she shall publicly announce such fact. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
 Article 20 (Projects and Supervision of Association)
(1) The Association shall implement the following projects concerning the information security industry:
1. Researching and proposing improvements to systems for creating the environment for the information security industry;
2. Supporting training of human resources for information security;
3. Researching the current status and preparing statistics related to the information security industry;
4. Researching technical trends and activities to disseminate new technologies concerning the information security industry;
5. Preparing statements of opinion on whether an enterprise is an information security enterprise;
6. Facilitating international cooperation and overseas expansion concerning the information security industry;
7. Researching standards for reasonable prices for information security technology, etc. of the information security industry;
8. Technical research necessary for the information security industry;
9. Other projects necessary for developing the information security industry and achieving the objectives of incorporation of the Association.
(2) Where the Minister of Science and ICT deems that the Association implements projects other than the objectives provided in this Decree and its articles of incorporation, he or she may request the Association to rectify its projects. <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
 Article 21 (Operation of Dispute Mediation Committee)
(1) Where the chairperson of the dispute mediation committee of the information security industry under Article 25 (1) of the Act (hereinafter referred to as the "Mediation Committee") intends to convene a meeting of the Mediation Committee, he or she shall designate the date, time, venue, and agenda of the meeting and notify each member of such designated date, time, venue, and agenda seven days before he or she convenes the meeting: Provided, That in emergency or other extenuating circumstances, he or she may shorten the aforesaid period.
(2) A majority of the members of the Mediation Committee including the chairperson shall constitute a quorum, and any decision thereof shall require the concurring vote of a majority of those present.
(3) The Mediation Committee may have subcommittees to efficiently conduct its affairs.
(4) No meeting of the Mediation Committee shall be made public: Provided, That where deemed necessary, the Mediation Committee, by resolution, may allow relevant persons or interested parties to attend its meetings.
 Article 22 (Methods and Procedures for Mediation to Settle Disputes)
(1) Any person who intends to receive aid to recover loss and participate in mediation to settle a dispute in relation to using, etc. an information security product and information security service shall submit an application for mediation to the Mediation Committee, as prescribed by the Mediation Committee.
(2) The Mediation Committee upon receipt of an application under paragraph (1) shall immediately notify disputants of the details thereof.
(3) The Mediation Committee may recommend that the disputants reach an autonomous agreement; and where the disputants fail to reach an agreement within 20 days from the date it give notification under paragraph (2) to them, the chairperson of the Mediation Committee shall submit an application for mediation under paragraph (1) to the Mediation Committee.
 Article 23 (Allowances and Travel Expenses)
The Mediation Committee may pay allowances and reimburse travel expenses of members, etc. who attend its meetings within budgetary limits: Provided, That the foregoing shall not apply where a member of the Mediation Committee who is a public official attends its meetings in direct relation to his or her duties.
 Article 24 (Costs for Mediation)
(1) In cases of mediation in which the Mediation Committee requires an applicant to bear the costs of the mediation pursuant to Article 31 (1) of the Act, the applicant for mediation shall prepay such costs when he or she applies for mediation.
(2) The amount of costs for mediation under paragraph (1) shall be determined by the Committee.
(3) Where the Mediation Committee requires the disputants to share the costs for mediation pursuant to the proviso of Article 31 of the Act because the dispute was resolved between the disputants through mediation, it shall present a mediation agreement under Article 29 (3) of the Act including matters concerning the costs for mediation to each disputant.
 Article 25 (Detailed Rules of Mediation to Settle Disputes)
Except as provided in this Act and this Decree, the chairperson of the Mediation Committee shall prescribe matters necessary for operating the Mediation Committee following a resolution thereon.
 Article 26 (Particular Details of Terms and Conditions of Transactions of Information Security Products and Information Security Services)
Where an information security enterprise intends to prepare the terms and conditions for protecting users pursuant to Article 36 (2) of the Act, it shall include detailed matters concerning the following:
1. Methods and procedures for returning amounts erroneously or overpaid;
2. Methods of cancelling or terminating a contract for using an information security product and information security service;
3. Compensation to users for loss which incurred due to a defect, etc in the product;
4. Methods and procedures for resolving disputes;
5. Other matters the information security enterprise deems necessary to protect users.
 Article 27 (Entrustment of Affairs)
(1) The Minister of Science and ICT shall designate the following institutions as specialized institutions pursuant to Article 38 of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. The Korea Internet and Security Agency;
2. The Korea Information Security Industry Association established under Article 24 (1) of the Act;
3. Science and technology research institutes specializing in manufacturing technology whose establishment was permitted pursuant to Article 42 of the Industrial Technology Innovation Promotion Act.
(2) The Minister of Science and ICT shall entrust the following affairs to the Korea Internet and Security Agency designated under paragraph (1) 1 pursuant to Article 38 of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017; Presidential Decree No. 29670, Apr. 2, 2019>
1. Receiving and providing information on purchase demand under Article 6 of the Act;
2. Collecting and analyzing information related to an information security project under Article 10 (4) of the Act and requesting submission of data under Article 10 (5) of that Act;
3. Researching and developing converged information security technology, etc., trading and commercializing converged information security technology, and pilot projects concerning converged information security technology, etc. under Article 11 (2) 1 through 3 of the Act;
4. Support for the receipt of applications for registration and for registration of an agency for evaluating the level of information security preparedness under Article 12 (2) of the Act;
5. Surveying the levels of information security technologies under Article 14 (1) 1 of the Act and establishing regional clusters of industries related to information security under subparagraph 4 of that paragraph;
6. Establishing and operating relevant facilities under Article 14 (3) of the Act, and permitting to use and lend such facilities;
7. Ascertaining the actual conditions of demand for professionals and formulating mid-term and long-term prospects of supply and demand under Article 15 (1) 1 of the Act;
8. Deleted; <by Presidential Decree No. 29670, Apr. 2, 2019>
9. Support for establishing a qualification system and for the supply and demand of professionals related to the information security industry under Article 15 (1) 4 of the Act;
10. Supporting projects, such as international exchanges of information security technology and professionals, and international joint research and development under Article 16 (2) of the Act;
10-2. Receipt of an application for designation as a performance assessment agency under Article 17 (2) of the Act and examination of whether the designation requirements under Article 10 (2) and (4) of this Decree are met;
11. Receiving applications for designation and examination as to whether an applicant meets criteria for designation among affairs concerning the designation of an enterprise specializing in information security services under Article 23 (1) of the Act;
12. Examining post management under Article 23 (3) of the Act;
13. Projects for protecting users under Article 34 (1) of the Act;
14. Constructing and operating a purchase demand information system under Article 4 (3);
15. Constructing and operating an electronic public notification system under Article 8 (3);
16. Examining designation and receiving applications for designation of excellent information security technology, etc. under Articles 11 and 12 (1);
17. Receiving applications for designation and examining designation of exemplary information security enterprises under Article 15;
18. Receiving applications for recommendations for providing loans under Article 16.
(3) The Minister of Science and ICT shall entrust the following affairs to the Association designated pursuant to paragraph (1) 2 pursuant to Article 38 of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017>
1. Monitoring public-private partnership under Article 10 (2) of the Act;
2. Preparing standards for calculating prices for information security services under Article 10 (4) 5 of the Act;
3. Operating a system to support the provision, etc. of information related to the information security industry under Article 14 (2) of the Act;
4. Deleted. <by Presidential Decree No. 29670, Apr. 2, 2019>
(4) The Minister of Science and ICT shall entrust the following affairs to an institution publicly notified by the Minister of Science and ICT, from among the specialized institutions designated under paragraph (1), pursuant to Article 38 of the Act: <Amended by Presidential Decree No. 28210, Jul. 26, 2017; Presidential Decree No. 29670, Apr. 2, 2019>
1. Support for developing and disseminating educational programs for training professionals under Article 15 (1) 3 of the Act;
2. Project relating to support for exportation under Article 21 of the Act.
 Article 28 (Criteria for Imposition of Administrative Fines)
Criteria for imposing administrative fines under Article 41 of the Act shall be as specified in attached Table 2.
ADDENDA
Article 1 (Enforcement Date)
This Decree shall enter into force on December 23, 2015.
Article 2 (Special Cases concerning Formulation of Promotion Plan)
Notwithstanding Article 3 (1), the Minister of Science and ICT shall formulate a promotion plan for the period from 2016 through 2020 by June 30, 2016.
Article 3 Omitted.
ADDENDA <Presidential Decree No. 28210, Jul. 26, 2017>
Article 1 (Enforcement Date)
This Decree shall enter into force on the date of its promulgation.
Articles 2 through 6 Omitted.
ADDENDUM <Presidential Decree No. 29670, Apr. 2, 2019>
This Decree shall enter into force on the date of its promulgation.