1. General
1. 1 In order to strengthen the safety management of archival digitization outsourcing and ensure the safety of archival entities and information in the process of archival digitization, this specification is formulated according to relevant national laws and standards.
1.2 Archives departments at all levels (hereinafter referred to as "archives departments") and various archives shall carry out archives digitization outsourcing, and archives digitization processing service institutions with independent legal personality (hereinafter referred to as "digital service institutions") shall undertake archives digitization outsourcing services and conduct safety management in accordance with this Code. Archives departments can implement safety management with reference to this specification when implementing archives digitization by themselves.
1.3 The digital outsourcing files mentioned in this specification refer to non-confidential files, and the digitization of confidential files shall be implemented in accordance with relevant state regulations. ?
1.4 The safety management of archives digitization outsourcing should follow the principle of "safety first, prevention first", take scientific and effective safety management measures, use technical means to ensure the safety of archives, establish a post responsibility system with clear powers and responsibilities covering the whole process of archives digitization, and strictly supervise and manage the whole process of archives digitization to ensure the safety of archives entities and information. ?
2. Safety management of archives department
2. 1 Establish the archives digital outsourcing management organization attended by the main leaders or leading comrades in charge, and define the departments, personnel and responsibilities of archives digital management.
2.2 According to the overall planning of digital archives, determine the scope of digital outsourcing archives, and put forward the safety management requirements and technical indicators of digital outsourcing archives.
2.3 Put forward safety management requirements in the bidding documents of digital archives outsourcing, and assist in formulating bidding documents and approving contracts. ?
2.4 Investigate the relevant qualifications, performance, personnel, equipment and processing software of digital service institutions to find out whether there are any bad records such as breach of contract and safety accidents. Under the same conditions, priority should be given to digital service organizations with confidentiality qualifications related to digital processing.
2.5 Establish a security and confidentiality system for digital archives, sign a security and confidentiality agreement with digital service organizations, and educate the digital archives processing personnel on security and confidentiality.
2.6 Formulate operation procedures or rules and regulations such as file entity transfer, digital processing flow management, digital achievement acceptance transfer, storage medium management, and file entity protection.
2.7 Establish archives for the management of archives digital outsourcing projects, and record the whole process of archives departments and digital service institutions implementing archives digital outsourcing projects.
2.8 Establish a supervision mechanism to supervise and inspect the implementation of confidentiality and security measures of digital service institutions, prevent the file entities from being damaged or lost, and prevent the digital service institutions from copying, retaining and using the file information without authorization.
3. Security management of digital service organizations
3. 1 A digital service institution must have a valid business license issued by the administrative department for industry and commerce, and its business scope must include archives digital processing or data processing projects.
3.2 The legal person of a digital service institution must be an enterprise legal person or institution legal person registered in People's Republic of China (PRC), and its shareholders and staff must be citizens of People's Republic of China (PRC) and People's Republic of China (PRC), unless otherwise stipulated by the state. ?
3.3 The staff of digital service institutions must provide their own identity certificate and the certificate of no criminal record provided by the public security department, and provide political examination materials when necessary.
3.4 Digital service organizations must sign labor contracts with employees that meet the requirements of national labor laws and regulations. ?
3.5 The number and quality, technology and management level, facilities and equipment of the digital service organization can meet the requirements of the proposed project.
3.6 Digital service institutions must formulate and implement digital security and confidentiality system, and formulate and implement operational norms and management systems such as file entity transfer, digital processing process management, digital achievement acceptance transfer, storage medium management, and file entity protection.
3.7 Digital service institutions shall establish a responsibility system for security posts, and designate special personnel to be responsible for security and confidentiality.
3.8 Digital service institutions shall provide their staff with security education and necessary job training, and sign a confidentiality agreement with the staff, clearly stipulating that the staff shall not read, extract or disclose the contents of archives and other security responsibilities and obligations. The confidentiality agreement shall be reported to the archives department for the record.
3.9 Digital service organizations must actively support and cooperate with the safety inspection of archives administration departments.
4. Safety management of digital places
4. 1 The digital processing site is generally located in an independent and closable building of the archives department.
4.2 The digital processing site shall meet the safety management requirements of anti-theft, fire prevention, dustproof, waterproof, moisture-proof, high temperature prevention, sunlight and ultraviolet radiation prevention, pest prevention and pollution prevention.
4.3 Digital processing sites should be equipped with video monitoring equipment to meet the needs of safety management, so as to ensure that there are no monitoring dead ends in file temporary storage, digital processing stations, servers, data export terminals, doors and windows; The video monitoring system is the responsibility of the archives department. If the digital processing place is located outside the archives department, the archives department shall regularly check the video surveillance system, and the digital service institution shall hand over the video surveillance data to the archives department for preservation. Video surveillance data shall be kept for not less than 6 months from the date of generation; The archives department shall regularly check the video surveillance data, and save the video playback safety inspection records before deleting the video surveillance data.
4.4 Digital processing sites should be equipped with file accessories that meet the national standards and work needs, which are used to store files to be digitized and digitized respectively.
4.5 The wireless network function of all archives digital processing equipment should be turned off at the digital processing site, and relevant tests should be conducted regularly. ?
4.6 Digital workers should have special lockers for storing personal belongings, which should be placed in a separate area with file accessories; Personal items not needed for work, including cameras, video cameras, mobile phones, tape recorders, notebook computers, tablet computers and other electronic devices and various mobile storage media, shall not be stored in digital processing sites; It is strictly forbidden to take the articles in the digital processing site away from the site without authorization. ?
4.7 The staff should be listed for posts, accept identity verification, registration and safety inspection, and irrelevant personnel are strictly prohibited from entering the digital processing place. ?
4.8 The staff shall not engage in activities unrelated to digitalization in the digital processing zone, eat, drink, smoke or bring kindling into the digital processing zone.
4.9 Archives departments and digital service institutions shall designate relevant personnel to regularly inspect digital processing sites to ensure that all rules, regulations and operational specifications related to digital processing and management are effectively implemented and enforced.
5. Security management of digital processing equipment, network environment and data carriers.
5. 1 It is recommended to use the relevant equipment provided by the archives department during the digital processing of archives. The archives department shall carry out necessary safety inspection when using the equipment of digital service institutions.
5.2 Computers, scanners and other equipment used for digital processing of archives must adopt technical means or professional physical equipment, and close all unnecessary information output devices or ports, such as USB interface, infrared interface, Bluetooth interface, SCSI interface and CD interface. , and regularly check the closed devices or ports.
5.3 It is recommended to use domestic equipment and genuine software for digital processing of archives. Data security and network monitoring software and hardware must use domestic brand products that have passed the national security certification. In addition to the necessary operating system, antivirus software, processing software and third-party security management software, the file digital processing computer shall not install any software unrelated to processing.
5.4 Archives digital processing network should be physically isolated from other networks, and it is forbidden to use wireless network cards, wireless keyboards, wireless mice and other devices.
5.5 The network environment of digital archives processing should be equipped with a digital processing security protection system with the functions of authority management, equipment management, port management, log management and security audit, so as to accurately record the access behavior of authorized users, equipment access and information flow of electronic archives.
5.6 Archives digital processing system should have the functions of process definition, task assignment, process tracking, quality inspection, finished product production, data acceptance and data backup management, and set up administrators, security guards and auditors respectively, and implement "separation of three personnel". ?
5.7 In the process of digital processing of archives, it is suggested that the archives department provide hard disks, removable storage media and equipment that cannot guarantee the reliable movement of data, and check and register them one by one. After the digitization work is completed, these devices must be kept or destroyed by the archives department, and it is strictly forbidden to take them away without authorization.
5.8 Equipment and storage media used for digital processing of archives are strictly prohibited from being used interchangeably with other equipment and storage media, and non-digital special equipment and storage media are strictly prohibited from being brought into digital processing places.
5.9 The mobile storage media and recording equipment used in the process of digitalization of archives shall be kept by special personnel appointed by the archives department, and their usage shall be recorded. The copying and burning of digital achievements of archives should be relatively centralized. The archives department shall designate a person to be responsible for counting the number of mobile storage media, and the data media copied or burned by digital service institutions (including damaged data media) shall be handed over to the personnel designated by the archives department in time, and the handover procedures shall be handled.
5. 10 Archives digitization equipment and storage media shall not be sent for repair without authorization, and the written examination and approval procedures shall be handled if they must be sent for repair, and the personnel of the archives department shall supervise them on site.
5. 1 1 The management and use of information equipment dealing with unopened files shall comply with the state regulations on the management and use of secret vector.
6. Safety management of archival units
6. 1 The archives department should check the confidentiality, integrity and order of the files to be digitized and the consistency between the file entity and the directory. Confidential documents should be screened, damaged or incomplete documents should be registered and processed, and documents inconsistent with the document catalogue should be recorded or marked as necessary.
6.2 Archives department personnel should transfer files in batches according to the work plan, and check with the file recipients of digital service institutions. Upon confirmation by both parties, they shall fill in the document handover list in duplicate, indicating the contents, quantity, status, handover time and handler of the handed-over documents.
6.3 Digital processing of archives shall not damage archives. Files damaged, should be punished according to the relevant provisions, and be repaired and registered. When files need to be disassembled, they should be kept as original as possible.
6.4 A document flow chart should be established in the process of document digitization, including document number, processing program, equipment number, quantity, handlers, processing time, etc. In the process of digital processing, the file flow chart should be synchronized with the file entity. ?
6.5 In the process of file digitization, if a file with confidential identification but no decryption identification is found, the digital outsourcing service institution shall stop the digitization of the file and hand it over to the archives department immediately after registering the catalogue.
6.6 Digitally processed files must be put into storage (cabinet) every day, and they are not allowed to stay overnight at the processing station.
6.7 Digital documents shall be kept by special counters, and the digitally processed documents shall be returned to the warehouse in time. Files that have been away from the library for a long time or have hidden dangers of insects and mildew should be disinfected and insecticidal.
7. Safety management of handover, reception and equipment handling of archives digitization results.
7. 1 After the completion of the archival digitization task, the archival department shall organize professionals to conduct special security inspection on the digitized processing media (such as storage media, mobile media and backup media). ) handed over to the archives department, processing surveillance video playback safety inspection records, file entity warehousing handover records, and processing personnel change records. Where there is no special safety acceptance or unqualified acceptance, the overall acceptance of the project shall not be carried out.
7.2 The digitized results of archives must pass the integrity, accuracy, availability and safety inspection, and both parties shall go through the data transfer formalities after passing the inspection.
7.3 After the completion of the archival digitization task, the digitization service organization shall, jointly with the archival department, dismantle the storage media such as hard disks in its own processing equipment, and hand them over to the archival department together with other mobile storage media used in the digitization process, and handle the relevant handover procedures.
7.4 After the completion of the archival digitization task, the archival department must organize professionals to inspect the equipment used by the digital service organization to ensure that there is no information residue in the equipment. Where there is information, it must be safely deleted.
7.5 The digital service organization shall transfer the original record materials such as logs and records formed in the process of file digitization to the archives department for management as the contents of the project archives.