On Domestic Enterprises To Undertake Service Outsourcing Business Information Protection Regulations

Original Language Title: 关于境内企业承接服务外包业务信息保护的若干规定

Read the untranslated law here: https://www.global-regulation.com/law/china/159972/.html

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Get a Day Pass for only USD$49.99.
On domestic enterprises to undertake service outsourcing business information protection regulations

    (December 28, 2009 People's Republic of China Ministry of Commerce, industry and information technology Ministry 2009 13th release as of February 1, 2010) article to promote service outsourcing enterprises in China (hereinafter referred to as the contract issuer) place the protection of classified information and maintaining a fair and competitive environment to promote the further development of China's service outsourcing industry, according to the People's Republic of China contract law and other laws and administrative rules and regulations, this provision is enacted.

    Article undertake service outsourcing business in these rules refers to the contract issuer by contract to inside and outside the enterprise, institution, organization or individual (hereinafter called the employer) provides information technology outsourcing services, business process outsourcing services such as technical.

    Third classified information in these rules refers to the following business information or data:

    (A) those providing service outsourcing business process obtained from the employer;

    (B) the employer has taken security measures and is not known to the public;

    (C) those providing under the contract shall be liable for the duty of confidentiality.

    Fourth after the contract issuer and its shareholders, directors, supervisors, managers and staff must not violate the service outsourcing contract agreement, disclosing, using or allowing others to use its knowledge of the employer's confidential information.

    Fifth pick those providing information should be established to protect agency or designated professionals responsible for enterprise information protection rules and regulations on confidential information to take concrete, effective and reasonable security measures, including:

    (A) the limited scope of key personnel;

    (B) confidential information carrier and storage space to take control of technical physics, to avoid information being improperly accessed or acquired;

    (C) the record carrier grade management of confidential information;

    (D) contents of recipes and procedures, and other important information encrypted or stored in restricted areas;

    (E) confidential information using a password;

    (Vi) contains confidential information workshop, workshops, offices and other places restrictions on visitors or their confidentiality requirements;

    (VII) the computer to establish an effective network for confidential information-management and data-protection measures, establish a strict authentication and authorization system, a complete system backup and recovery tools, upgrading security patches and virus definitions on a regular basis;

    (H) other measures stipulated in the contract issuer and employer.

    Sixth contract issuer shall be agreed with the staff, especially confidential personnel sign confidentiality agreements, noncompetition agreements, as well as with third parties confidential personnel sign confidentiality agreements and other measures to ensure information security.

    Seventh after the contract issuer should strengthen information security training for employees, and increase employee awareness of confidentiality and avoid the occurrence of leaks of classified information.

    Eighth to encourage those providing positive domestic and international information security certification requirements, industry best practices to the development of enterprise information management system, and access to domestic and international information security certification.

    Nineth contract issuer should be active within the information security management system of inspection and maintenance, continuous improvement of enterprise information systems.

    Tenth after the contract issuer breaches between employer confidentiality agreement or confidentiality clauses in a contract of service outsourcing, Contracting Parties under a confidentiality agreement or service contract agreement to initiate an arbitration or the jurisdiction of the Court.

    11th contract issuer and employer expressly agreed by those providing for the employer to provide services, in the performance of obligations of confidentiality of information arising from intellectual property or technology belonging to the outcome of.

    12th contract issuer shall not infringe the employer shall enjoy trademark, patent, copyright and other intellectual property rights.

    13th relevant industry associations and other intermediary organizations should strengthen industry self-regulation, according to the need for regular publication of those providing information security work.

    14th article of the regulations by the Ministry of Commerce, Ministry of industry and information technology is responsible for the interpretation. 15th article of the regulations come into force on February 1, 2010.