Interim Measures For The Protection Of Computer Information System In Xiamen (2004 Revision)

Original Language Title: 厦门市计算机信息系统安全保护暂行办法(2004年修正本)

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
(May 21, 1999, Xiamen City people's Government, the 82nd announced on June 28, 2004 published by the Xiamen City people's Government, the 111th of the Xiamen municipal people's Government on repeal, amendment of some of the decisions of the municipal regulations amended) Chapter I General provisions article to promote the application and development of computer, computer information system security, ensuring smooth progress of construction of Xiamen port, according to the People's Republic of China regulations on protection of computer information system security and other relevant laws and regulations,
    This municipality actually, these measures are formulated.
    Second safety protection of computer information system in the urban areas, these measures shall apply.
    Article computer information systems in these measures refers to the computer and its related and supporting equipment and facilities (including networks) which, according to certain rules of application goals and information collection, processing, storage, transmission, retrieval, and processing of human-machine system.
    Article fourth of computer information system security, should protect the computer and its related and supporting equipment and facilities (including network) security protection of computer information system operation environment security, ensure the safety of computer information, protect the computer functions properly in order to maintain safe operation of computer information system.
    Fifth article computer information system of security protection work, focus maintenance following involved national affairs, and economic construction, and tip science and technology, important field and units (following said important industry, and focus units) of computer information system of security: (a) storage, and processing, and transmission public information and national secret of computer information system; (ii) financial, and securities and utilities units of computer information system; (three) engaged in international networking of Internet, and access network of computer information system.
    Sixth article police organ competent this city computer information system security work, main duties is: (a) supervision, and check, and guide computer information system security work; (ii) prevention, and investigation against computer information system security of illegal crime case; (three) supervision, and check important industry, and focus units computer room of new, and alterations, and expansion of security protection work; (four) is responsible for international networking of security management and user record registration work;
    (V) is responsible for the publicity and education work of computer information system security knowledge (vi) release of control and management of computer virus epidemic situation and the prevention and control of harmful data; (g) perform other duties as computer information systems security.
    National security, confidentiality and other relevant administrative departments within the scope of their respective duties and responsibilities of computer information system security-related work.
    Seventh no unit or individual may use the computer information system against national interests and activities of collective interests and legitimate interests of citizens, shall not endanger the security of computer information systems.
    Eighth chapter security protection systems unit of computer information system should be established personnel management, room management, equipment management (network device) magnetic media, data management, management, input/output control, management and safety supervision system, perfect computer information system security system, the unit of computer information system security work. Nineth unit should be equipped with computer information system security of computer information systems technician. Security technicians should perform following duties: (a) strictly implementation computer information system security management system; (ii) on computer information system security run situation for check, timely investigation not security factors, excluded security hidden; (three) prepared illegal report, and run log and other and computer information system security about of material; (four) regularly check system run environment, prevent on system of illegal operation; (five) occurred computer information system security accident and computer illegal crime case Shi,
    Immediately report to the leaders, and to preserve the site. Tenth important industries, unit of computer information systems unit of computer information system security management organization should be established, and to report to the public security organ for the record.
    Safety management organization should perform the following duties: (a) the development and implementation of computer information system security management system, (ii) education to practitioners of computer information system security, (iii) organize regular safety inspections and safety audits and (iv) assist the public security organs to investigate computer crimes.
    11th important industries, unit of computer information system unit should develop a disaster recovery plan, and implementation.
    Important industries, unit of computer information systems unit of computer information system security audit system should be established, to data security procedures and measures to check the suitability of existing security policy and ensure implementation.
    12th computer information involving State secrets and management of computer information system, in accordance with the relevant provisions of the State.
    Computer information systems staff to involve State secrets information, candidates ', assessment should be carried out, confidential knowledge, training, and management according to the relevant regulations of the State.
    13th transport, carrying, mailing of computer information media with them, should be declared to customs.
    14th computer information system security product sales and licensing system provided for by the State.
    15th computer information system application units found in computer information system security incidents and computer crime cases, should report to the police within 24 hours, but major security incidents and cases should be reported immediately.
    16th computer information systems of emergency or safety hazards likely to endanger public safety, public security organs have the right to take emergency measures such as suspension of networking, stop check, but related units should be coordinated in advance to do security work.
    Chapter III security computer room in the 17th test should be consistent with national standards and relevant regulations of the State.
    Computer room facilities near or around the computer room construction, computer information system safety is not compromised.
    Article 18th computer room design and construction units should have the appropriate design and construction technology of computer room. Lightning protection engineering design and construction of computer room units, should be about lightning protection engineering design, installation qualification certificate issued by the Department.
    Computer room fire facilities design and construction according to the relevant State fire control laws and regulations. 19th public security authorities shall, jointly with relevant departments of important industries, a key unit of computer information system security system in accordance with the relevant provisions and standards organizations to check.
    This includes: (a) the system of safety management system, (ii) the security of computer information systems entities, (iii) computer network communication and data transmission security; (iv) computer software and database security (v) computer information system security audits and the implementation of the disaster recovery plan.
    20th important industries, unit of computer information system unit computer information systems equipment updates or while having a direct impact on the security system, shall be reported to the public security authorities for the record, the public security organ shall, jointly with relevant departments of the affected part of the organization check, make sure that your computer meets the minimum security requirements of information systems. 21st police find computer information systems unit of computer information system security system when there is a security risk, and testing could be organized.
    Testing has found that security issues, by the public security organs ordered to rectify.
    22nd statutory inspection unit of computer information system should be strictly enforced national standards and relevant regulations to ensure testing reports issued by true, objective, impartial and complete, be detected and shall not reveal the business secrets of the units, be detected should not affect the unit production, management, research and other activities normally.
    23rd chapter fourth bad data management application entity shall establish an information security management system of computer information systems, preventing information from being illegal to add, delete, modify, copy.
    Computer information system application units shall establish a computer data backup system, strengthening the management of backup data, update.
    Unit of computer information system in accordance with the relevant provisions of article 24th release of information shall be true, complete, and reliable.
    25th no unit or individual is allowed to spread, manufacturing, publishing, reproduction and sale of media containing computer viruses and other harmful data source program and not reactionary, yellow, manufacturing, sales of pirated electronic media; seminar on mechanism of computer viruses is not allowed to open talks or training. 26th public security organs should be published in advance of the computer virus epidemic situation bulletin.
    Any unit and individual shall in any way release the computer virus epidemic. 27th article computer information system application units in harmful data management work in the should perform following duties: (a) developed and implementation specifically of computer viruses and other harmful data management system; (ii) computer hardware, and software using Qian, should for computer viruses and other harmful data detection; (three) regularly for computer viruses and other harmful data detection, timely clear computer viruses and other harmful data; (four) found cannot clear of computer viruses should take protection measures,
    And extracting the samples submitted to the police authorities within 24 hours (v) assist the public security organs in tracing sources of computer viruses.
    28th manufacture, sales, rental, repair, commercial free computer products of units and individuals, should ensure that their products are qualified, may not carry computer viruses and other harmful data.
    Fifth chapter 29th International network management application for engaging in international networking business or non-business activities, should be according to the relevant regulations of the State examination and approval procedures, and report to the public security organ for the record. Involved in national affairs, economic construction, advanced science and technology, and other important areas of international networking of computer information system is intended, at the time of filing to the public security organ shall issue a certificate of approval by the Administrative Department.

    30th through physical communication channel, directly or indirectly, and networking of computer information systems outside the computer information system application units and individuals, should be opened in networking, network changes, termination date of networking in the 30th, to the public security authorities for the record, change, or cancellation procedures.
    31st international networking of computer information systems involving State secrets shall not, and shall take security measures with the international network is completely isolated; computer information involving State secrets shall not be with international networking storage, transmission and processing.
    32nd article computer information system application units open computer information network electronic announcement system, and news discussion group, broadcast type spread media, should to police organ record, and perform following security duties: (a) implementation hand is responsible for, and 24 hours duty system; (ii) established user registration and information management system; (three) strengthening information monitoring, found harmful data should immediately take corresponding measures and timely to police organ report.
    33rd computer information system unit using public account for the Internet Cafe, Internet, Internet Club, open international networking activities, shall carry out the following responsibilities for network security: (a) establish a safety management system, implementation of security protection measures and (b) establish user registration and supervision and management system, (iii) to discourage, stopping illegal online activities, and to report to the public security organs in a timely manner.
    Sixth chapter penalty is 34th article violation this approach provides, has following behavior one of of, by police organ ordered corrected; refused to corrected of, sentenced 100 Yuan above 1000 Yuan following of fine: (a) important industry, and focus units of computer information system application units not established computer security management organization of; (ii) not developed and implementation specifically of computer viruses and other harmful data management system of; (three) on computer information system in the occurred of security accident and computer illegal crime case not report of. 35th article violation this approach provides, has following behavior one of of, by police organ ordered corrected, give warning, or on units sentenced 5000 Yuan above 10000 Yuan following of fine; on personal sentenced 1000 Yuan above 5000 Yuan following of fine: (a) unauthorized public held computer viruses mechanism of lecture, and training or unauthorized to social released computer viruses outbreak of; (ii) manufacturing, and sales, and rental, and maintenance, and
    Gift of the commercial computer products carry computer viruses and other harmful data, (iii) communication, manufacturing, publishing, reproduction and sale of computer virus source and other harmful media endangers computer information system security or manufacture and sale of reactionary, yellow, piracy of electronic media; (iv) endangers computer information system security construction.
    36th article violates these rules, deliberately entering computer viruses and other harmful data undermining the security of computer information systems, by the public security organs in a warning or fined a maximum of 3000 Yuan more than 15,000 yuan for units; more than 1000 Yuan for individuals of up to 5000 Yuan fines illegal income, apart from the forfeiture, and may impose a fine of illegal gains between 1 and 3 times times.
    37th article violation this approach provides, has following behavior one of of, by police organ give warning, and ordered stop networking, can and at 15,000 yuan following of fine: (a) and international networking not by provides to police organ handle audit or record procedures of; (ii) will involved national secret of computer information system and international networking of; (three) will involved national secret of computer information and international networking storage, and transmission, and processing of.
    38th article violation this approach provides, has following behavior one of of, by police organ ordered deadline corrected, give warning, has illegal proceeds of confiscated illegal proceeds; in provides of term within not corrected of, on units of competent is responsible for personnel and other directly responsibility personnel can and at 1000 Yuan above 5000 Yuan following of fine, on units can and at 5000 Yuan above 15,000 yuan following of fine; plot serious of, and can give 6 months within of stop networking, and downtime reorganization of punishment:
    (A) the Internet without protection management systems or security technology protection measures taken by international networking, (ii) open international networking business units do not establish registry and information management system.
    39th in violation prescribed in this way, if the circumstances are serious enough to constitute a crime, criminal responsibility shall be investigated according to law.
    40th statutory inspection of computer information systems unit business secrets leak detection units should be liable.
    Law enforcement of public security organs in the process of implementing this approach neglects his duty, bribes, malpractice, leaking trade secrets management people, constitute a crime, criminal responsibility shall be investigated according to law; do not constitute a crime, administrative sanctions.
                                                                            Seventh chapter supplementary articles article 41st these measures as of the date of promulgation.