How to handle the qualification certificate of information system business security service

You should be talking about information security service qualifications. Security operation and maintenance qualification certification evaluates the basic qualifications, management ability, technical ability and security operation and maintenance process ability of security operation and maintenance service providers. The security operation and maintenance service qualification grade is a measure of a service provider's qualification and ability to deliver these services. The qualification level is divided into level one, level two and level three, with level one being the highest and level three the lowest. To apply, you must meet the following conditions, and then go to China Information Security Center to apply for a certification audit.

Level 3 requirements for information system security operation and maintenance service qualification:

(1) Legal status requirements

An independent legal entity registered in the People's Republic of China (PRC), with a clear development history and clear property-rights relationships.

(2) Financial credit requirements

The organization has been in good operating condition for the past three years, and its financial data are true and credible. Financial audit reports for the last three years, issued by accounting firms registered in the People's Republic of China (PRC), shall be provided.

(3) Office space requirements

Have a long-term, fixed office space and suitable office conditions that can meet the needs of the organization's structure and business.

(4) Personnel quality and qualification requirements

A) The person in charge of the organization has more than 2 years of management experience in the field of information technology.

B) The technical director has obtained a master's degree or above in an information security-related major, or an intermediate professional title in an electronic information technology field, and has been engaged in information security technology for more than 2 years.

C) The person in charge of finance holds a junior or higher professional title in the finance series.

D) More than 10 employees are engaged in information security service.

E) At least two staff members hold information security professional certification (consistent with the declared category).

F) At least 1 person holds a project management qualification certificate.

(5) Performance requirements

A) Engaged in information security service (consistent with the declared category) for 1 year or more.

B) At least 1 information security service project has been signed and completed in the last 3 years (consistent with the declared category).

(6) Service management requirements

A) Abide by relevant national laws, regulations and standards, have no record of violation of laws and regulations, and have good credit standing.

B) Establish personnel management procedures and capability evaluation indicators; Formulate business and skill training plans, and regularly train and assess relevant personnel.

C) Establish document control procedures, define document management responsibilities, designate management personnel, and ensure proper custody of project documents.

D) Establish a project management system and implement it according to the system.

E) Provide resources to ensure the implementation of the information security service project.

(7) Service contract requirements

A) Understand the specific requirements of customers and industries for information security service.

B) Determine the scope of information security service.

C) Sign information security service contract or agreement.

(8) Service safety requirements

A) Meet the requirements of service safety laws and regulations.

B) Meet the safety requirements when signing service contracts with customers.

C) Establish a confidentiality management system and define the post confidentiality responsibility.

D) Protect the sensitive customer information and intellectual property information that service personnel come into contact with, according to customers' requirements, and ensure that service personnel understand customers' relevant requirements.

E) Sign confidentiality agreements with relevant personnel and conduct confidentiality education.

F) Ensure that its suppliers meet the above service safety requirements.

(9) Service technical requirements

A) Establish an information system security operation and maintenance process.

B) Formulate information system security operation and maintenance service specifications and implement them accordingly.