Hangzhou Computer Information System Security Management Approach

Original Language Title: 杭州市计算机信息系统安全保护管理办法

(Summit No. 53 of 25 October 2004 of the Government of the People of the State of the State of Alejane considered the adoption of the Decree No. 211 of 3 November 2004, which was published as effective 1 January 2005)

Chapter I General
Article 1, in order to strengthen the security protection of computer information systems, preserve public order and social stability, promote the healthy development of information and develop this approach in line with the provisions of the National People's Republic of China's Computer Information System Safety Protection Regulations, the Provisional Provisions for Computer Information Network management in the People's Republic of China.
The computer information system referred to in Article 2 of this approach refers to the system of persons processed by computers and their associated and accompanying equipment, facilities (which contain lines, wireless networks, etc.) and the collection, processing, storage, transmission and retrieval of information in accordance with certain application objectives and rules, including the Internet, LAN, mobile networks.
Article 3 protects the safety of computer information systems within the State's administrative region and applies this approach.
Article IV
The Public Information Network of the State Department of Public Security is specifically responsible for the management of computer information systems in the area of the city (except the depression of mountainous areas, the remainder of the area).
The Public Security Bureau and the Depression of Mountains and the Public Security Division of the Détachement Zone are responsible for the safe management of computer information systems in the context of this administrative region.
National security authorities, confidential bodies, information-policy administrative authorities and other relevant government functions are responsible for the management of computer information systems safety within their respective responsibilities.
Article 5 Public security authorities, national security authorities, confidential authorities, information-policy administrative authorities and other relevant Government functions should establish mechanisms for coordinating cooperation management and co-ordinated computer information systems security management.
Article 6. Public security authorities, national security authorities, confidential authorities, information-policy administrative authorities and other relevant government functions should protect the legitimate rights and interests of computer information systems using units and individuals in order to preserve their confidentiality.
Computer information systems use units and individuals should assist the relevant functional sectors, such as public security agencies, in the management of computer information systems. The use of units and individuals should provide technical information on the Unit's computer information system, if any, when the relevant functions, such as public security authorities perform their management duties under the law.
Article 7. Safety and protection of computer information systems, with a focus on maintaining the safety of computer information systems in key areas and units, such as national affairs, public interest, economic construction, sophisticated science and technology (hereinafter referred to as the priority security protection units):
(i) National organs at all levels;
(ii) Financial, securities, insurance, freight, energy, transport, social security, post-mail communications and other utilities units;
(iii) Focus on scientific research, education units;
(iv) Business in the relevant State;
(v) Intermodal units engaged in international networking, access units and focus administration, commerce, information sites;
(vi) Provide access services to the public;
(vii) The development, operation and maintenance of internet interfaces, such as games, short-range transmittals, various chat rooms;
(viii) Other computer information systems that have a significant impact on the public interest of society.
Chapter II Safety management of computer information systems use units
Article 8. The computer information system should establish systems such as personnel management, air tenure management, equipment facilities management, data management, magnetic quality management, import control management and safety oversight, the sound computer information system and the safety of computer information systems in this unit.
Article 9. The computer information systems use units should identify the personnel responsible for the safe management of computer information systems in this unit. The responsibility for security management should perform the following duties:
(i) Organizing laws, regulations, regulations and related policies for the safe protection of computer information systems;
(ii) Organizing technical measures for the safety and protection of computer information systems in this unit;
(iii) Organization of safe education and training for computer practitioners in this unit;
(iv) Regularly organize inspections of the safe operation of computer information systems and in a timely manner exclude the safe concealment.
Article 10 The computer information systems use units should be equipped with the computer information system safety technicians of this unit. Safety technicians should perform the following duties:
(i) Strict implementation of technical measures for the safety and protection of computer information systems in this unit;
(ii) Examination of the safe operation of computer information systems and the timely exclusion of security concealments;
(iii) When a security accident or a criminal offence occurs in the computer information system, it should be reported promptly to the unit and take appropriate measures to protect the ground and avoid the expansion of the damage;
(iv) Other relevant technical information on the collection of web-based models for the Unit and information systems.
Article 11. Priority security protection units should be established and implemented as follows:
(i) The security management system of computer air fleets;
(ii) The security management responsibility regime for the safety and security of personnel;
(iii) Web safety loopholes and systems upgrading management systems;
(iv) Operational competence management systems;
(v) The user registration system;
(vi) The publication of a review, registration, preservation, clearance and backup system;
(vii) The confidentiality of information;
(viii) The security emergency response system of information systems;
(ix) Other relevant security protection management systems.
Article 12. Priority security protection units should implement the following safety protection technical measures:
(i) The lengthy measures of important parts of the system;
(ii) Explicit and confidential measures for critical information;
(iii) Computer and harmful data control measures;
(iv) Web attacks on prevention and tracing measures;
(v) Safety audits and early warning measures;
(vi) Limitation measures by information groups;
(vii) Other relevant safety protection measures.
Article 13 focuses on the safety management responsibilities of the security protection units and safety technicians, and should be trained in computer information systems safety knowledge.
Article 14. Priority security protection units should be subject to a 24-hour surveillance of their main server input into the exporting data, and the detection of abnormal data should focus on the protection scene and report on the relevant functional sectors, such as public security authorities.
Article 15. The use and sale of specialized products for the safety of computer information systems must be products legally obtained for the sale of licenses for specialized products for the safety of computer information systems.
The sales unit for the sale of computer information systems-specific products in this city shall be reported to the municipal public safety bureau.
The Municipal Public Security Agency shall publish a circular on a regular basis to publish a directory of qualified computer information systems for safety.
The management of specialized products of confidential technology is carried out in accordance with the relevant provisions of the State and the provinces and municipalities.
Article 16, when the computer information system has found cases of security accidents and offences committed in computer information systems, reports should be made available to local public security authorities within 24 hours, and be retained on the ground in the original records such as the day of operation. In cases involving major security accidents and violations of the law, the use of units may not be reinstated and removed from the site without investigation or consent from the public security authorities. With regard to the statutory powers of other management, the public security authorities should inform the relevant sectors in a timely manner after the receipt of the report.
In cases where the computer information system has a sudden incident or a security concealment, which may endanger public safety or undermine public interest, the relevant functional sectors, such as public security agencies, should promptly inform the computer information system's use units to take security protection measures and have the right to take a suspension of emergency measures such as networking, parking machine inspections, back-up data, and that the computer information system should be synchronized.
In the aftermath of the sudden incident or the removal of security shocks, the relevant functional sectors, such as the public security authorities, should immediately lift the suspension of networking or inspection measures and restore the normal work of computer information systems.
Chapter III
The computer information system, which focuses on security protection units, provides for new construction, alteration and expansion, and its safety protection design programmes should be presented to public security authorities.
After the establishment of the system, the focus on security protection units should be conducted for a period of between 1 and 6 months and would be entrusted to the eligible inspection body to conduct a safety and security system test of its system, to test eligibility and to invest in the formal functioning of the system. The focus on security protection units should report on the identification of qualified reports to public security authorities.
The construction, testing, etc. of a computer information system, is carried out in accordance with the relevant provisions of national and provincial and municipal authorities.
Article 19
(i) Implementation and implementation of safety protection management systems and safety protection technical measures;
(ii) Computer hardware and the environment;
(iii) reliability of computer systems software and applications;
(iv) Technical testing and other relevant circumstances.
The municipal public safety bureaux should develop and publish safety requirements for the priority industry computer information system based on the industrial characteristics of the security protection of computer information systems.
Article 20, when the focus on security protection units update or renovate the computer information system, has a direct impact on the safety and security system and should be entrusted with the testing of the affected components and to ensure that they comply with the safety requirements of the computer information system of the industry.
Article 21 focuses on the security protection of the computer information system, which should be monitored on a regular basis by eligible monitoring bodies for the safety and security of computer information systems and will be tested for qualified reporting to the public security authorities. Inadequate testing, priority security protection units should be restructured in accordance with the safety requirements of the computer information system of the industry, which would be required after the changes were made and the system could continue to operate.
Article 2 should be examined by the public security authorities in the same sector, in accordance with the relevant national regulations and the relevant industry safety requirements, and the computer information systems of the priority security protection units. Inspections include:
(i) Implementation of the security protection management system and security protection technical measures;
(ii) Security of computer information systems entities;
(iii) Safety of computer network communications and data transmission;
(iv) Safety of computer software and databases;
(v) Implementation of computer information systems safety audits and security accident response measures;
(vi) Security of other computer information systems.
The relevant functional sectors, such as public security authorities, found that the computer information system, which focuses on security protection units, is safely hidden, may endanger public safety or jeopardize public interest, may entrust the eligible inspection body to test its safety and security system. As a result of the identification of security issues, priority security protection units should be rebuilt immediately.
Article 24, when testing bodies conduct computer information systems safety tests, should guarantee the proper conduct of the activities of the monitoring units and not disclose their confidentiality.
The testing body should conduct a rigorous examination in accordance with the relevant national provisions and relevant norms and assume legal responsibilities for the testing reports it contains.
Chapter IV Public Order Management of computer information networks
Article 25 Internet interfaces and units and individuals applying for Internet information services should, in addition to the relevant national procedures, be held from within 30 days of the date of official internet connectivity to the public security authorities to conduct security clearance proceedings.
Article 26 The user should complete the user request form when entering into the web process. The entry units should regularly report local public security authorities on the user of the network.
Article 27 establishes Internet-based service places and shall apply to public security authorities for online safety clearance, in accordance with the provisions of the Regulations governing the management of operating places of service on the Internet. Upon review of qualifications by public security authorities and the issuance of a security licence certificate for Internet access to the Internet's services network, the relevant approval procedures are taken in the cultural, commercial and industrial sectors.
Changes in the place of business of Internet-based service providers or alterations, expansions of the place of business, changes in the number of computers or other important matters should be agreed by the pre-approval authority.
Changes in names, residences, statutory representatives or principals, registered capital, web addresses or termination of business activities on the Internet should be registered or cancelled in accordance with the law and in the business administration sector, as well as in the cultural administration, public security agencies.
Article 28 Operators of Internet-based services must use fixed IP address networks and provide for the implementation of safety protection technology measures.
The operating units of Internet-based service providers shall be registered electronically by providing for the registration of Internet personnel, including names, identification numbers, end-of-service hours, and shall be incorporated in a copy of the information. The registration content and the record-keeping period shall not be less than 60 days and shall not be amended or deleted during the maintenance period.
No units or individuals may engage in activities that endanger the safety of computer information networks, as follows:
(i) An open e-mail address to third parties without authorization for access to e-mail or for profit and non-regular use;
(ii) The intentional transmission of garbage to others or the transfer of e-mail in the name of others;
(iii) The use of computer information networks to disseminate a short letter of harmful handicrafts;
(iv) Violations of privacy, theft of others and the conduct of online fraud;
(v) To scan information networking gaps without the consent of all of the computer information networks;
(vi) The use of computer information networks to stimulate public malicious comments on the privacy of others or to openly issue personal attacks on others;
(vii) Other violations against the safety of computer information networks.
Article 33 The units and individuals involved in the operation of the information network shall comply with the following provisions:
(i) The development of a security protection management system for the safe education of the network users;
(ii) Implement safety protection technical measures to guarantee the operation of the network and the safety of information it has issued;
(iii) The establishment of an information review system, the establishment of an information reviewer and the identification of harmful information, shall be deleted in a timely manner after the maintenance of data;
(iv) The identification of all types of cases in article 29 of this approach shall preserve the relevant nuclear audit records and report immediately to the public security authorities;
(v) Implementation of restrictions on the flow of information, anonymous transmission restrictions and harmful data control measures;
(vi) Implementation of the systematic operation and the use of logic by Internet users;
(vii) Reports of various types of access and basic data, as requested by public security authorities.
Article 33 found that the computer information network was spreading, transmitting garbage, transmitting a short letter or disseminating harmful information, and that the operation, service units and individuals of the information network should take technical measures to protect and end it and report to the public security authorities within 24 hours.
Public security authorities have the power to impose technical measures or to take initiatives to protect and end the information networks that do not take technical measures.
Article 32 provides regular monitoring by public security authorities of the security situation of computer information networks, the state of public order, the prompt handling of incidents that endanger information security and endanger public order, and the timely notification of the reconfiguration of the relevant units and individuals.
Chapter V Legal responsibility
In violation of this approach, one of the following acts is warned that the time limit is being changed and may be fined by more than 100,000 dollars; in the case of serious circumstances, a penalty for the end of six months can be granted:
(i) The lack of a security protection management system or the non-implementation of security protection technical measures against the safety of computer information systems;
(ii) The computer information systems use units do not report security accidents and violations in computer information systems at specified time, causing harm;
(iii) The computer information system, which focuses on security protection units, does not detect or detect qualifications, is fully operational.
In violation of this approach, the sale of specialized products for the safety of computer information systems has not been made available to the public security authorities, warnings that the time limit is being changed and may be fined by more than 200 dollars.
In violation of this approach, the units and individuals accompanying or participating in Internet information services do not conduct security clearance proceedings, alert the period of time being responsibly and may be fined by more than 5,000 dollars; in exceptional circumstances, they can be punished by the end of six months.
Article 36, in violation of this approach, does not obtain a security permit for Internet-based information networks operating on Internet-based service providers to carry out Internet-based service activities, impose a deadline for filling office and impose a fine of up to $100,000.
Article 37 provides for one of the acts provided for in article 29 of this scheme, warning that the time limit is being changed and may be fined up by more than 5,000 dollars; in exceptional circumstances, it may be punished for the end of six months.
Article 338, in violation of article 31 and article 31, paragraph 1, of the present approach, gives warning that the time limit is being changed and may be fined by more than 100,000 dollars; in the case of serious circumstances, it can be punished by the end of six months.
Article 39 Safety management responsibilities of the computer information system user units and safety technicians do not fulfil their responsibilities under this approach, causing safety accidents or major damage, warnings and recommending that their units provide administrative disposal in accordance with the relevant provisions.
Article 40 imposes administrative penalties under this approach, within the city area (other than the Depression of Mountains, the Rélejane region) is the responsibility of the Public Information Network Safety Monitoring Unit of the Municipal Public Security Agency; the districts (market) and the Depression of mountainous areas are responsible for the Public Security Bureau of the various districts (markets) and the Depression of Mountains, the Public Security Branch of the remaining Slejan Zone.
Article 40 punishes violations of the provisions of this approach, involving other relevant legal texts, by law. In violation of the security administration, penalties are imposed in accordance with the provisions of the National People's Republic of China Regulation on the Administration of Punishment, which constitutes an offence and is criminally prosecuted by law.
Article 42, in violation of the present approach by the staff of the executive branch, toys negligence, abuse of authority, provocative fraud, are subject to administrative disposition by their units or departments concerned, in accordance with the relevant provisions; and constitute a crime and criminal responsibility by the judiciary.
Annex VI
Article 43
In accordance with the provisions of this approach, the Municipal Public Security Agency may establish the relevant enforcement rules.
Article 42