Administrative Measures On Information Security Classified Protection In Zhejiang Province

Original Language Title: 浙江省信息安全等级保护管理办法

(Promulgated by the Zhejiang Province People's Government on September 30, 2006, No. 223; effective as of January 1, 2007)

Chapter I General provisions

    Article 1 These measures are formulated in accordance with the relevant regulations of the State and in light of the facts of the province, in order to strengthen and standardize the management of information security classified protection, improve information security, safeguard national security, public interests and social stability, and promote information construction.
    Article 2 The construction, operation and use of information systems within the administrative area of the province shall comply with these measures.
    Article 3 Information security classified protection as mentioned in these measures refers to the security system under which, as required by state regulations, information systems that store, transmit and process all kinds of information are protected at the appropriate level, and public emergencies affecting information system security are responded to and disposed of by grade.
    Article 4 Information as mentioned in these measures refers to language, text, sound, images, numbers and other information stored, transmitted and processed by means of information systems.
    Information systems as mentioned in these measures refers to systems made up of computers, information networks and their supporting facilities and equipment, which store, transmit and process information according to certain application goals and rules.
    Article 5 Information security classified protection shall follow the principles of classified implementation, accountability and ensuring security, and shall safeguard the security of all kinds of information in basic information networks and important information systems and the continuity of information processing.
    Information systems shall, in accordance with the requirements of information security classified protection, follow the principles of simultaneous construction, dynamic adjustment, and responsibility resting with whoever runs the system.
    Article 6 People's governments at or above the county level shall strengthen leadership of information security classified protection, incorporate information security classified protection into information construction planning, coordinate and address the major issues, and establish the necessary financial and technical protection mechanisms.
    Article 7 The public security, national security, privacy, password, information technology and other administrative departments of people's governments at or above the county level shall carry out their regulatory duties in accordance with state regulations and these measures.
    Other relevant departments of people's governments at or above the county level shall, in accordance with the division of responsibilities, carry out their information security classified protection management responsibilities and coordinate on related work.

Chapter II Protection rating and hosted by

    Article 8 The protection level of an information system shall be determined according to the importance of the information it hosts, the degree to which business processing depends on the system, and the degree of harm to the economy and society after the system is destroyed. The protection level of information systems is divided into the following five levels:
    (i) where the information hosted by the information system involves the interests of citizens, legal persons and other organizations, and after the information system is damaged business can be handled directly by other alternative means, with a certain effect on the interests of citizens, legal persons and other organizations but no damage to national security, social order, economic construction and public interests, level I protection applies, and the operating unit protects the system independently;
    (ii) where the information hosted by the information system directly involves the interests of citizens, legal persons and other organizations, and after the information system is damaged the normal processing of business will be affected and certain damage will be caused to national security, social order, economic construction and public interests, level II protection applies, and the operating unit protects the system under the guidance of the regulatory departments for information security classified protection work;
    (iii) where the information hosted by the information system involves national, social and public interests, and after the information system is damaged the normal processing of business will be seriously affected and larger damage will be caused to national security, social order, economic construction and public interests, level III protection applies, and the operating unit protects the system under the supervision of the regulatory departments for information security classified protection work;
    (iv) where the information hosted by the information system directly involves national, social and public interests, and after the information system is damaged business cannot be processed normally and serious damage will be caused to national security, social order, economic construction and public interests, level IV protection applies, and the operating unit protects the system according to the mandatory requirements of the regulatory departments for information security classified protection work;
    (v) where the information hosted by the information system directly relates to national security, social stability, and economic development and operation, and after the information system is destroyed exceptionally grave damage will be caused to national security, social order, economic development and public interest, level V protection applies, and the operating unit carries out protection under the specialized agencies specifically designated by the State Department.
    Article 9 The units that construct, operate and use an information system shall select the appropriate protection level for the system themselves, in accordance with the relevant technical specifications and standards and Article 8 of these measures.
    For the protection level of basic information networks and important information systems, the construction unit shall, at the time of planning and designing the information system, have it validated in accordance with Article 10 of these measures.
    Article 10 The protection level of basic information networks and important information systems is subject to an expert validation system. The information administrative departments of the province and of cities divided into districts shall establish provincial and municipal expert groups on information system protection levels, respectively, and organize validation of the protection levels of the basic information networks and important information systems of the province and the city.
    The specific details of application and validation shall be developed by the provincial information department with the provincial public security department and other relevant departments, and submitted to the provincial people's government for the record.
    Article 11 For an information system that contains multiple subsystems, the protection level shall be determined separately for each subsystem according to its degree of importance.
    Article 12 Upon completion of the construction of an information system, the unit that operates and uses it shall, in accordance with the relevant technical specifications and standards for security, ensure that the system meets the requirements before it is put into use.
    Article 13 Within 30 days after an information system is put into operation or changed, the unit that operates and uses it shall file the protection level it has selected or had approved with the public security department of the local people's government at or above the county level for the record.
    The specific rules for the record filing shall be developed by the provincial Department of public security.
    Where an information system involves State secrets, the unit that operates and uses it shall comply with the relevant privacy laws, rules and regulations.
    Article 14 The units that operate and use information systems shall, in accordance with the relevant specifications and standards, establish an information security classified protection management system, implement security responsibilities, and take appropriate security measures to ensure the normal and safe operation of the information system.
    Article 15 The units that operate and use information systems shall establish a daily security detection system for information systems, strengthen day-to-day maintenance and security management of information systems, and eliminate security risks in a timely manner to ensure information security and system uptime.
    The units that operate and use basic information networks and important information systems shall, in accordance with the relevant technical norms and standards, conduct a comprehensive assessment of the security situation of their information systems every year, and may also entrust a qualified security assessment institution to carry it out.
    Article 16 Information security public emergencies in information systems shall be subject to graded response and emergency management according to the controllability of the event, its geographic scope and the extent of the destruction of information systems.
    Graded response and emergency management shall be carried out in accordance with the provincial network and information security emergency provisions.
    When a public emergency occurs in the communications infrastructure, it shall be handled in accordance with the provincial regulations on communications security emergencies.

Chapter III Supervision and management

    Article 17 The public security departments of people's governments at or above the county level shall, according to law, supervise and manage the implementation of information security classified protection work by units that operate and use information systems, and shall do the following work:
    (i) urge and guide information security classified protection work;
    (ii) supervise and check the implementation of security classified protection management systems and technical measures by units that operate and use information systems;
    (iii) accept the record filing of information system protection levels;
    (iv) investigate, according to law, violations by units and individuals that operate and use information systems;
    (v) other relevant work of information security classified protection.
    Article 18 The security departments shall, in accordance with the division of responsibilities, do the following work according to law:
    (i) supervise and guide information security classified protection work relating to State secrets;
    (ii) accept the record filing of protection levels of information systems involving State secrets;
    (iii) investigate events in which information is leaked or compromised;
    (iv) other related work of information security classified protection involving State secrets.
    Article 19 The password management department shall, in accordance with the division of responsibilities, do the relevant work according to law, strengthen the monitoring, inspection and guidance of password management in information security classified protection, and deal with violations of password management and related events in information security classified protection.
    Article 20 The competent information administrative department shall strengthen guidance, service, coordination and management of information security classified protection work, and shall do the following work:
    (i) guide and coordinate information security classified protection work;
    (ii) organize the development of information security classified protection work specifications;
    (iii) organize experts to validate the protection level of information systems;
    (iv) provide related units with information and technical advice on information security classified protection;
    (v) organize, according to the plans, the emergency handling of information security public emergencies;
    (vi) other related work of information security classified protection.
    Article 21 The units that construct, operate and use information systems shall carry out information security classified protection work in accordance with the relevant provisions of the State and these measures, and accept the guidance, inspection, supervision and management of the departments concerned.
    Where an information security public emergency or a secret-leaking event occurs during operation and use, the unit that operates and uses the information system shall, as required by the emergency plan, take timely and effective measures to prevent the situation from expanding, immediately report to the relevant authorities, and cooperate in emergency handling.

Chapter IV Legal liability

    Article 22 Where the relevant laws and regulations already provide administrative penalties for acts in violation of these measures, those provisions shall apply.
    Article 23 Where a unit that operates and uses an information system, in violation of these measures, fails to set the protection level of the information system, or selects a protection level that does not meet the relevant specifications and standards of the State, the Public Security Bureau shall order rectification within a time limit and give a warning; where the unit refuses to rectify, a fine of between 2000 and 1000 yuan shall be imposed.
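    Article 24 Where a unit that operates and uses an information system acts in violation of Article 12 or the paragraph of Article 13 of these measures, the Public Security Bureau shall order rectification and give a warning; where the unit fails to rectify, a fine at 2000 shall be imposed.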
    Article 25 Where a unit that operates and uses an information system, in violation of Article 14 of these measures, fails to establish an information security classified protection management system or to implement security responsibilities and measures, the Public Security Bureau shall order rectification within a time limit and give a warning; where the unit refuses to rectify, a fine of more than 5,000 yuan to 50,000 yuan shall be imposed on operating units, and a fine at 2000 on non-operational units.
    Article 26 Where a unit that operates and uses an information system, in violation of Article 15 of these measures, has not established a daily security detection system for information systems, the Public Security Bureau shall order rectification within a time limit and give a warning; where the unit refuses to rectify, a fine of between 2000 and 1000 yuan shall be imposed.
    Where a unit that operates and uses basic information networks and important information systems, in violation of Article 15 of these measures, fails to assess the security situation of its information systems on a regular basis, the public security department shall order rectification within a time limit and give a warning; where the unit refuses to rectify, a fine at less than 2000 yuan and 20,000 yuan shall be imposed on operating units, and a fine at 2000 on non-operational units.
    Article 27 Where a unit that operates and uses an information system violates the provisions of the second paragraph of Article 21 of these measures, the competent information administrative department of the people's government at or above the county level shall order correction and give a warning, and shall impose a fine of between 5,000 yuan and 30,000 yuan on operating units and a fine at 2000 on non-operational units; where information is leaked or compromised, the matter shall be handled in accordance with the confidentiality provisions of the relevant laws, regulations and rules.
    Article 28 Where the departments supervising information security classified protection and their staff commit one of the following acts, the competent department or Ministry departments shall give administrative or disciplinary action to the personnel directly in charge and other persons directly responsible:
    (i) failing to execute supervisory and management responsibilities in accordance with these measures;
    (ii) approving information system protection levels in violation of the provisions of the State and these measures;
    (iii) imposing administrative penalties in violation of legal procedures and authority;
    (iv) in carrying out supervision duties, dereliction of duty, abuse of authority or engages in
    (v) shall be given administrative or disciplinary action.
    Article 29 Where a violation of these measures constitutes a crime, criminal responsibility shall be investigated according to law.

Chapter V Supplementary provisions

    Article 30 For information systems built before the implementation of these measures, the operating units shall establish the appropriate protection level in accordance with these measures.
    Article 31 These measures come into force on January 1, 2007.