The security of computer information network includes the security of computer information system and Internet operation and the security of information content. Article 3 These Regulations shall apply to the security protection and management activities of computer information networks within the administrative area of Hangzhou. Computer information systems involving state secrets (hereinafter referred to as classified information systems) shall be protected and managed at different levels in accordance with state secrecy laws, regulations and standards. Article 4 The security of computer information network adheres to the principles of "paying equal attention to protection and management" and "who is in charge, who is responsible, who runs and who is responsible". Article 5 The Municipal Public Security Bureau shall be responsible for the security protection and management of the city's computer information networks in accordance with the provisions of these Regulations. The Public Information Network Security Supervision Branch of the Municipal Public Security Bureau is specifically responsible for the security protection and management of computer information networks in the city.
County (city) Public Security Bureau and Xiaoshan District and Yuhang District Public Security Bureau are responsible for the security protection and management of computer information networks within their respective administrative areas.
State security organs, secrecy departments, password management departments, information administration departments, Internet news information service management departments and other relevant administrative departments are responsible for the security protection and management of computer information networks within their respective functions and duties. Article 6 The rights of units and individuals to use computer information networks according to law are protected by laws, regulations and these Regulations.
No unit or individual may use computer information networks to engage in activities that endanger national security, public interests and social order, infringe upon the legitimate rights and interests of citizens, legal persons and other organizations, or endanger the security of computer information networks. Chapter II Security Protection and Management Article 7 Computer information systems implement a security level protection system.
The security protection level of computer information system is divided into five levels. Principles, standards, safety protection and management contents at all levels shall be implemented in accordance with the relevant provisions of the state and the province.
The classified information system shall be protected according to the basic requirements of national level protection, in accordance with the provisions and technical standards of the classified information system of the state secrecy department, and in combination with the actual situation of the system. Article 8 As the main body responsible for security level protection, the operating and using units of computer information systems shall determine the security level protection of computer information systems in accordance with relevant national management norms and technical standards. For newly built, rebuilt or expanded computer information systems, the operating and using units shall determine the security protection level of computer information systems in the planning and design stage, and at the same time build information security facilities that meet the requirements of security protection level. Article 9 The operating and using unit of a newly-built computer information system above Grade II shall go through the filing formalities with the Municipal Public Security Bureau within 30 days after the system is put into operation. The operating and using unit of the computer information system above the second level that has been operated shall go through the filing formalities with the Municipal Public Security Bureau within 30 days after the security protection level is determined. Article 10 Units operating and using computer information systems shall establish a daily inspection system for the security status of computer information systems.
Units operating and using computer information systems shall, in accordance with the relevant national management norms and technical standards, regularly assess the security level of computer information systems, and conduct self-examination on the security status of computer information systems and the implementation of security protection systems and measures. After evaluation or self-examination, the security status of computer information system does not meet the requirements of security protection level, and the operating unit shall formulate a rectification plan. Eleventh computer information system operation and use units shall establish and implement the following security protection system:
(a) the safety responsibility system and confidentiality system;
(2) Verifying, registering and updating the user registration information system in time;
(three) the system of information release review, registration, preservation, deletion and backup;
(4) Information network security education and training system;
(5) Information network security emergency disposal system;
(six) reporting illegal cases and assisting in the investigation system;
(seven) other safety protection systems stipulated by the state and the province. Twelfth computer information system operators and users shall implement the following technical measures for security protection:
(1) Important data backup system and disaster recovery measures;
(2) Preventive and control measures for destructive programs such as computer viruses;
(3) Measures to back up and save system operation and user logs for more than 60 days;
(4) Security audit measures, recording and monitoring network operation status and various network security incidents;
(five) network security isolation and prevention of network intrusion, attacks and other acts that endanger network security measures;
(6) Security management measures for keys and passwords;
(seven) other technical measures for safety protection stipulated by the state and the province.