information technology governance policy, which contains at least the following requirements: (a) conduct internal audit and operation review, systematically; (b) correct deviation and follow up the result of
following requirements: (a) conduct internal audit and operation review, systematically; (b) correct deviation and follow up the result of correction, systematically. Chapter 2 Establishment of Policies