ACSA Launches Joint Audit of 15 IT Service Providers to Bolster Government Outsourcing Security

(CNA, Taipei, May 21, by reporter Chao Min-ya) The Ministry of Digital Affairs' Administration for Cyber Security (ACSA) announced today the official launch of the "Joint Cybersecurity Audit Program for Trustees," uniting different public agencies to jointly conduct audits of outsourced vendors. This time, ACSA has consolidated authorization from 121 agencies to audit 15 IT service providers, aiming to strengthen the cybersecurity protection of the government's outsourced supply chain by establishing a common audit standard.
In a press release, ACSA explained that in the past, vendors creating systems for the government who served multiple agencies had to undergo numerous cybersecurity audits. This was repetitive and time-consuming for the vendors and also increased the government's administrative costs. To address this, ACSA promoted the "Joint Cybersecurity Audit for Trustees," allowing vendors to satisfy the cybersecurity management supervision and legal compliance requirements of multiple agencies through a single, comprehensive audit.
ACSA stated that the joint audit is conducted using a risk-oriented approach. Based on the number of agencies a vendor serves and the number of core information and communication systems they maintain, 15 key IT service providers were selected as audit targets, with 121 agencies, including various central government ministries, participating.
ACSA identified the 15 IT service providers as: Chunghwa Telecom Co., Ltd. Enterprise Business Group, Acer E-Enabling Service Business Inc., GSS Technology Inc., Systex Corporation, TISINC., Hyweb Technology Co., Ltd., Trade-Van Information Services Co., Tsaiweii International Inc., Hamastar Technology Co., Ltd., Kung-Ho Information System Co., Ltd., E-SHINE Information Co., Ltd., KFAI Technologies Co., Ltd., ASIA-INFO Co., Ltd., Arche-Group, and Kung-Ta Information Co., Ltd.
ACSA noted that this is the first year of implementation. Through cross-agency participation and sharing of audit results, it not only saves administrative manpower and operational costs for each agency but also effectively reduces the frequency of audits for vendors. This allows them to focus resources on service operations and cybersecurity enhancement. Future plans include gradually expanding participation to local governments and other branches of government such as the Legislative, Judicial, Examination, and Control Yuans.
ACSA emphasized that the core value of promoting the joint audit is to establish a consistent and common audit standard, which helps improve the cybersecurity quality of outsourced services. The agency hopes that this system will encourage IT service providers to continuously improve their cybersecurity management measures, strengthening the cybersecurity resilience of the government's outsourced supply chain from the source and achieving a win-win goal for both the government and the industry. (Editor: Huang Kuo-lun) 1150521