Administrative Measures On Information Security Classified Protection In Zhejiang Province

Original Language Title: 浙江省信息安全等级保护管理办法

(Order No. 223 of the People's Government of Zhejiang Province, of 30 September 2006, which came into operation effective 1 January 2007)

Chapter I General
Article 1 This approach is developed in line with relevant national provisions in order to enhance and regulate the management of information security levels, enhance information security and safety capacities, protect national security, public interest and social stability, and promote information-policy.
The construction, operation and use of information systems in the administrative areas of the province must be followed.
Article 3 The protection of the information security hierarchy referred to in this approach means providing the appropriate level of protection for information systems that store, transmit and process the various types of information requiring protection at each security level, and introducing a hierarchy of response and disposal systems for information security emergencies in the information system.
Article 4 The information referred to herein refers to languages, voices, images, figures, etc. that are stored, transmitted and processed through information systems.
The information system referred to in this approach refers to the system of operation for the storage, transmission and processing of information in accordance with certain application objectives and rules, which is composed of computers, information networks and their accompanying facilities and equipment.
Article 5
The information system should implement the principle of synchronization, dynamic adjustment and who is responsible for the protection of the information security hierarchy.
More than 6 people at the district level should strengthen their leadership in the protection of the information security hierarchy by integrating the protection of the information security hierarchy into information-management planning, coordinating, addressing critical issues and establishing the necessary financial and technical security mechanisms.
Article 7
More than the people at the district level should work in line with the division of responsibilities to implement the responsibility to protect the management of information safety levels.
Chapter II
Article 8 The level of protection corresponding to an information system is established in accordance with the importance of the information contained in the information system, the degree of reliance on the system and the level of damage to the economy and society after the destruction of the system.
The level of protection of information systems is divided into five levels:
(i) The information contained in the information system concerned the rights and interests of citizens, legal persons and other organizations, which were damaged by the destruction of the information system, may be directly replaced by other means, affecting the rights and interests of citizens, legal persons and other organizations, without prejudice to national security, social order, economic construction and public interest, and at the level protected by the operating units;
(ii) The information contained in the information system relates directly to the rights and interests of citizens, legal persons and other organizations, which, after the destruction of the information system, will affect the normal conduct of operations and undermine the national security, social order, economic construction and public interest, and protect at the secondary level by the operating units under the guidance of the regulatory sector for the protection of information security;
(iii) The information contained in the information system relates to national, social and public interest, which, after the destruction of the information system, will seriously affect the normal functioning of the operation and cause greater damage to national security, social order, economic construction and public interest, and to protection by the operational units under the supervision of the regulatory component of the information security hierarchy;
(iv) The information contained in the information system relates directly to national, social and public interests, which are undermined by the destruction of the information system, which cannot be properly addressed and seriously undermine national security, social order, economic construction and public interest, while at the fourth level protection is provided by the operating unit in accordance with the mandatory requirements of the regulatory sector in the area of information security;
(v) The information contained in the information system is directly linked to national security, social stability, economic construction and operation, and the information system has been damaged, causing particular serious harm to national security, social order, economic construction and public interest, and protected by the operation unit under the exclusive control of the specialized departments designated by the State, specialized agencies.
Article 9
The level of protection of basic information networks and key information systems should be reviewed in the context of the design of the information system.
Article 10: Levels of protection of basic information networks and key information systems and the implementation of expert evaluation systems.
The provincial, district-based and municipal information-management authorities should establish provincial, municipal information systems protection expert evaluation teams, and organize reviews of the level of protection of the basic information networks and key information systems across the province and relations. Specific rules for the declaration and finalization are developed by the provincial information-based administrative authorities in conjunction with the provincial public security sector and reported to the provincial Government.
Article 11 For information systems that contain multiple subsystems, the level of protection should be determined on the basis of the significant levels of the various subsystems.
Article 12 After the completion of the information system, its operating and using units shall conduct safety inspections in accordance with the relevant national technical norms and standards; systems that are consistent with the requirements can be used.
Within thirty days of the date of operation of information systems or changes in the system, operational, use units should select the information system protection hierarchy or validate the case of the Government's public security sector at the district level where the situation is reported. The specific rules of the request were developed by the provincial public security sector.
The information system involves State secrets and the operation, use units should be implemented in accordance with the relevant provisions of confidentiality laws, regulations and regulations.
Article 14 The operating and using units of information systems should, in accordance with relevant national technical norms and standards, establish a protection management system for information security, implement security protection responsibilities, adopt corresponding security protection measures and effectively secure the information system.
The operation of the information system, the use of its units, should establish a system of daily monitoring of the security situation of the information system, strengthen the day-to-day maintenance and security management of information systems, and address security in a timely manner and ensure the safe and systematic functioning of the information system.
The operation, use of basic information networks and important information systems should conduct a comprehensive assessment of the information security situation in the system every year, in accordance with relevant national technical norms and standards, or a security assessment of units with corresponding qualifications.
Article 16 When information security emergencies occur, a decentralized response and emergency response should be implemented in accordance with the degree of control, geographical impact and information systems of the event. Sub-level responses and emergency disposal are carried out in accordance with the provisions of the provincial network and information security emergency preparedness.
In the event of a sudden public incident, the communications base network should be implemented in accordance with the provincial provisions for the protection of emergency preparedness.
Chapter III Oversight management
Article 17
(i) To promote, guide the protection of the level of information security;
(ii) Monitoring, inspection of the operation of information systems, the implementation of the safety hierarchy of protection management systems and technical measures for the use of units;
(iii) To receive information systems protection hierarchy;
(iv) The lawful investigation of the offences of the operation, use of units and individuals of the information system;
(v) Other relevant work to protect the level of information security.
Article 18
(i) To promote and guide the protection of the security hierarchy of information involving State secrets;
(ii) Receive the information systems protection hierarchy involving State secrets;
(iii) Disclosure and Mitigation by law;
(iv) Other relevant work involving State secrets in the protection of information security hierarchy.
Article 19 password management should work in accordance with the division of responsibilities to strengthen oversight, inspection and guidance for the protection of the safety hierarchy of information related to the management of passwords, and to identify violations of password management in the protection of the information security hierarchy.
Article 20
(i) Guidance, coordination of the protection of the level of information security;
(ii) Organization of guidelines for the protection of the level of information security;
(iii) Organization of expert review of the protection hierarchy of information systems;
(iv) Information and technical advice on the protection of the safety hierarchy for relevant units;
(v) To organize emergency response efforts to implement information security emergencies, in accordance with the provisions of advance cases;
(vi) Other relevant work to protect the level of information security.
Article 21, Construction, operation and use of information systems, should be guided, inspected and monitored in the relevant sectors, in accordance with the relevant provisions of national and present approaches.
The operation, use of information systems units, the occurrence of sudden public incidents in operation, the use of information security, the release of bleak incidents, should take effective measures in a timely manner, in accordance with emergency pre-referral requirements, to prevent the expansion of events and to report promptly to the relevant authorities to cooperate with emergency response.
Chapter IV Legal responsibility
Article 2 violates the provisions of this approach, and the relevant legislation, legislation and regulations have administrative penalties.
Article 23 Where operating and using units violate this approach by failing to establish a level of protection of information systems, or where the level of protection chosen by themselves is not in accordance with the relevant national technical norms and standards, the public security sector orders correction within a time limit and gives a warning; for late refusal to correct, a fine of over two thousand dollars is imposed.
Article 24 Operating and using units of the information system that violate article 12, paragraph 1, of the present approach are ordered by the public security sector to make corrections within a time limit and given a warning; if overdue, a fine of two thousand dollars.
Article 25 Functioning and using the information system, in violation of article 14 of this approach, does not establish a system for the protection of information security, the enforcement of the responsibility and measures for security protection, which is modified by the public security sector, and warnings; late refusals are not rectified, with a fine of more than five thousand dollars for the operation, and a fine of $200 million for non-commercial service.
Article 26, in violation of article 15, paragraph 1, of the present approach, provides that information systems operate, use units do not establish a system of daily monitoring of the security situation of the information system, are subject to a period of time and warning by the public security sector; the late refusal to be corrected, with a fine of up to $200 million.
In violation of article 15, paragraph 2, of the present approach, the basic information network operated, used units with important information systems, did not conduct regular evaluation of the information security situation in the system, and was ordered by the public security sector to change the deadline and to warn; the late refusal to correct, fined the amount of $200 million for the operation, and fined the non-commerciality.
Article 27 regulates the operation of information systems, the use of units, in violation of article 21, paragraph 2, of this approach, and is being corrected by an administrative authority responsible for informationization at the district level, gives warning, imposes a fine of up to three thousand dollars of the operation, pays for non-operational and fines of two thousand dollars, and covers leading, malfunctioning and processing in accordance with the provisions of the relevant legislation, regulations, regulations and regulations.
Article 28 protects the regulatory sector and its staff by one of the following acts, either by its competent authorities or by the inspectorate responsible for the direct responsibility of the competent and other directly responsible persons under the law.
(i) Failure to perform oversight functions in accordance with this approach;
(ii) Defining the level of protection of information systems in violation of national and present approaches;
(iii) Execution of administrative penalties in violation of statutory procedures and competence;
(iv) Negligence, abuse of authority and provocative fraud in the performance of oversight management duties;
(v) Other acts of administrative or disciplinary disposal should be given by law.
Article 29 Violations of the provisions of this approach that constitute a crime are criminalized by law.
Chapter V
Article 33 has already been established before the implementation of this approach, and the operational, user units should establish a corresponding level of protection in accordance with this approach.
Article 31 This approach was implemented effective 1 January 2007.