Article 41 The competent information department of the people's government at or above the county level shall, jointly with relevant departments and institutions, strengthen the collaborative management of information security, and establish and improve the systems of information security level protection, security early warning, risk assessment, emergency command, security notification and responsibility determination.
Article 42 The competent information department of the people's government at or above the county level shall, jointly with relevant departments, promote the research and development and industrialization of information security technology, promote the application of electronic signatures in e-government, e-commerce and public services, and adopt independently controllable information security products and services.
Article 43 The competent unit or operating unit of information network and information system shall, in accordance with the relevant provisions of the state, determine the security level of its information network and information system and build a corresponding information security system.
The information security system must adopt legally certified information security products, and be designed, constructed and put into use simultaneously with the information network and information system.
Forty-fourth basic information networks and important information systems related to the national economy, people's livelihood and social stability should carry out information security assessment and risk assessment, and build a disaster recovery backup system. Information networks and information systems involving state secrets shall be kept confidential in accordance with the relevant state secrecy provisions.
Forty-fifth information network and information system authorities or operating units shall determine the information security management personnel, establish information security management system, strengthen information security education, and ensure the safe operation of their information networks and information systems.
The subordinate units or operation and maintenance units of basic information networks and important information systems shall formulate emergency plans for information security incidents and report them to the relevant competent departments for the record.
When an information network or information system security incident occurs, its subordinate unit or operating unit shall promptly take measures to reduce the damage, prevent the situation from expanding, keep relevant records, and report to the relevant competent department in a timely manner in accordance with relevant regulations.