1. An independent legal entity registered in People's Republic of China (PRC), with a clear development history and clear property rights relations.
2. Abide by relevant national laws, regulations and standards, have no record of violation of laws and regulations, and have a good credit status.
Office space requirements
Have a long-term fixed office space and suitable office conditions, which can meet the needs of institutional setup and business.
performance requirement
1, engaged in information security service (consistent with the declared category) for more than 4 months.
2. At least 1 information security service projects have been signed and completed in the past 1 year (at the time of supervision and audit) (consistent with the declared category).
Financial credit requirements
The organization and operation are normal, and the establishment of financial management system can provide necessary financial support for security services.
Personnel quality and qualification requirements
1, the person in charge of the institution has more than 2 years of management experience in the information technology field.
2. The technical director has information security service management ability (consistent with the declared category), and evaluates the requirements through evaluation (consistent with the declared category).
3. The project leader and project engineer have the technical ability of information security service (consistent with the declared category) and passed the evaluation.
Technical tool requirements
1. Establish the process required by information security service (consistent with the declared category) and implement it according to the process.
2, the development of information security service (consistent with the declaration category) requirements of the norms and standards, and in accordance with the norms.
Service management requirements
1. Establish and run personnel management procedures, identify the service ability requirements of security service personnel, clarify the post responsibilities and technical ability requirements of security service personnel, and prove that they are competent for their duties through evaluation.
2. Develop a capacity-building plan for service personnel, including technologies, skills, management and awareness related to network and information security, and implement the plan to ensure that service personnel continue to be competent for their duties.
3. Establish and run file management procedures, including organization management, service process management and quality management. , and stipulate the document control of project generation, distribution, storage, transmission, use (including delivery and internal use) and abandonment.
4. Establish and run the project management procedures, define the operating procedures of organization, planning, implementation, risk control and delivery of service projects, and provide project risk management records.
5. Establish and run the confidentiality management procedures, clarify the post confidentiality responsibilities, sign confidentiality agreements, and promptly educate relevant personnel on confidentiality.
6. Establish and run supplier management procedures to ensure that its suppliers meet service safety requirements (only applicable to safety integration, safety operation and maintenance, disaster backup and recovery).
7. Establish contract management procedures, formulate a unified contract template, and implement the information security service project according to the contract. According to customer requirements, protect sensitive customer information and intellectual property information, and ensure that service personnel understand customer requirements.