(July 15, 2003 the Ministry released 10th) Chapter I General provisions article in order to protect the railway computer information system security, and promote the application and development of computer, modernization of railway transport and smooth, according to the People's Republic of China stipulated in the regulations on protection of computer information system security, these measures are formulated.
    Second approach applies to the railway system of organs, enterprises, institutions and the extension of railway computer information systems.
    Article computer information systems in these measures refers to the computer and its related and supporting equipment and facilities (including networks) which, according to certain rules of application goals and information collection, processing, storage, transmission, retrieval, and processing of human-machine system.
    Railway IV protection of computer information system's main task was: improve the overall security level of the computer information system to ensure railway transport safety.
    Five railway security protection of computer information system, is the work of railway transport safety protection component, should carry out "putting prevention first and comprehensive treatment, people, combining prevention and protection" approach, step by step the establishment of security system, strengthening the system construction, and gradually realizing scientific, standardized management.
    Sixth railway Public Security Bureau Director railway computer information system security, railroad (railway, railway construction) Public Security Bureau, the Department should be clear information network security supervision body, responsible for the protection of computer information system. Second chapter security supervision VII article railway police organ on railway computer information system security work exercise following supervision terms: (a) urged computer information system of management sector and using units implementation national about computer information security legal, and regulations and provides, law on its security protection work for supervision, and check and guide; (ii) is responsible for on new, and alterations and expansion railway computer information system of security protection measures for record; (three) is responsible for check, and
    Guide railway computer information system of security technology measures; (four) is responsible for computer information system security member of training; (five) is responsible for computer information system security dedicated products using of audit; (six) is responsible for supervision, and check computer information system security management system of implementation; (seven) Organization computer viruses control and informed outbreak; (eight) investigation and detected against railway computer information system security of accident and case; (nine) is responsible for award and punishment;
    (10) go through the railway safety management of computer information systems procedures (11) Organization of computer information system safety inspections, testing, (12) the organization working knowledge of computer information system security training and awareness.
    Eight railways within public security organ responsible for supervision and administration of the computer network and Internet security.
    Article railway police organs when he found the effects of computer information system security risk, to inform the security units, rectification. Article railway public security information network to monitor security staff to railway safety certificate before they can work.
    Monitoring permits issued by the Ministry of Public Security Bureau. 11th railway public security grass-roots, the agencies should assist in information network security supervision, protection of computer information system.
    In special circumstances, approved by the railway police organs at higher levels, you can exercise the supervisory functions of computer security. 12th chapter security computer information system security work "who's in charge, who's in charge, who runs, who is responsible for" principle.
    Using, and management computer information system of units (sector) to established computer information system security management organization and established security Member, is responsible for this units (sector) of computer information system security work, its duties is: (a) determine this units computer information system of security strategy, established sound security management system; (ii) perfect and implementation computer information system security, achieved internal network and external network of physical isolation, is strictly prohibited a machine dual-use; (Three) tie police organ handle about computer information system security management procedures; (four) strictly management computer information system resources, established computer information system resources Taiwan account; (five) strictly management system administrator; (six) established and police organ of informed contact system, regularly to railway police information network security monitored sector report computer information system security situation; (seven) on caused loss and effect transport security, and computer information system security of case, and accident and the violations,
    Report within 12 hours of railway police organs, and to protect the site and related information to assist investigations, those responsible.
    13th computer information system security officer must pass railway police training, exam training certificates before they can post.
    14th with international networks of individuals, units, and must strictly implement relevant regulations of the State, the Ministry of railways.
    15th construction of computer room shall comply with the relevant provisions of the State and the Ministry of railways.
    16th important departmental computer rooms should be developed out system, persons without the approval of the competent authorities, access to and use of information processing equipment and media.
    17th railway units and departments in building, rebuilding, expansion of computer systems computer system security protection scheme should be reported before the railway public security organ for the record.
    18th important computer information systems from one department need external network or the provision of services, in parallel with the approval of the competent departments, shall be submitted to the railway police organ for the record.
    Units of the 19th and the Department of computer information system security product, must be licensed by the relevant departments of the State of products, products shall not be used without permission.
    Article 20th networked computers must be configured antivirus tools for real-time monitoring and testing.
    21st important computer information system should be set up dual dual redundancy, closed operation of, and draw up contingency plans, make sure that the system can quickly return to normal after the accident.
    22nd all assets to strictly enforce the system of registration and use of computer information systems, and establishing the complete equipment inventory and file regular inventory.
    Article 23rd on the processing of each link and process security and safety control measures are required to prevent from being illegally used, change, damage and leakage.
    Article 24th of computer equipment use and the right of access to information, according to the work to be awarded, no person shall use ultra vires. 25th computer connecting important computer information systems shall not be stored programs and data has nothing to do with the work. Information storage media and file security secrecy system, and designated personnel, counter for safekeeping.
    Without approval of the supervisor, are not free to use, modify, copy, and lending.
    Article 26th, management unit of the computer to do a daily backup of data and software, new software and external data references must conduct safety tests, confirmed and put into normal operation.
    27th important computer information system should be established to improve the journal of computer information systems, according to the criticality of information saves time, minimum of not less than 60 days. Fourth chapter legal responsibility 28th article violation this approach, has following behavior one of of, by police organ sentenced warning: (a) late not to police organ handle about computer information system security management procedures of; (ii) occurred computer information system case, and accident or violations, in 12 hours within not report of; (three) violation computer information system international networking record system of; (four) received rectification notice Hou, not regular for rectification of; (five) refused to, and
    Hindered railway public security organs in accordance with the implementation of computer information system security, supervision, and (f) other acts that endanger security of computer information systems.
    29th computer information systems have serious safety hazards or suspected criminal evidence, technical inspection is required to verify or serious accidents or criminal cases of computer information systems, you need to protect the site or obtain evidence by the public security authorities to take measures to preserve evidence.
    Article 30th intentionally producing and disseminating computer viruses and other harmful data, below 5000 by the public security organ for the individual fines, the unit shall be fined a maximum of 15000.
    31st in violation of these regulations shall be given administrative punishments, the railway public security organs in accordance with the administrative penalties administrative penalty procedure under the law. 32nd railway public security organs in violation of these regulations impose administrative fines, should be introduced for separating penalty decision from penalty payment system.
    Railway police organs shall determine the fine collection agency, decision instruments issued by the public security organs, the person penalized to the collecting bank to pay the fine. 33rd railway public security administrative punishment, the use of the administrative punishment decision letter of the Ministry of public security issued.
    According to the 48th article of the administrative punishment law, put forward by the parties, to collect fines on the spot by the railway police organ, railway police organs shall be issued by the Ministry of finance to a client specified receipt.
    Article 34th in violation of these regulations, constitutes a crime, investigated for criminal responsibility in accordance with the relevant provisions of the criminal code.
    Article 35th of the administrative punishments of railway public security organs in accordance with this approach is dissatisfied, he can apply up railway police organ review people's Court or administrative proceedings.
    Article 36th for computer information system security is not implemented, the unit causing the harmful consequences, apart from the penalty directly responsible, and also holds the primary leadership responsibility.
    37th railway public security information network security supervision departments and persons violating these rules, legally punished by the railway police organs at a higher level.
    The fifth chapter by-laws mentioned in the 38th article of the measures "important" or "important computer information system", "computer incidents and breaches" stipulated separately. 39th China Railway Engineering Corp, China railway construction Corporation to apply these measures.

    40th article explains these measures by the Ministry of railways. 41st these measures come into force on September 1, 2003.
                                                                                                    Railway the railway computer information systems security policy (railway police [1998]74) repealed simultaneously.