(1) person in charge
The department responsible for information systems and operating units.
City Information Office Security Center
(2) Work contents and standards
1. All information system authorities and operating units shall independently determine the system level according to the Administrative Measures for Information Security Level Protection and the Classification Guide for Information System Security Level Protection (Draft for Review).
2. Experts can be hired to review the scoring situation and issue review opinions; Refer to the expert review opinions to determine the system level and form a classification report.
3 City Information Office Security Center is responsible for grading consulting services (grading methods and processes), and opens a hotline for grading protection consulting services.
(3) Work results
Expert review opinions
Information system security level report
Second, the system classification and filing stage
(1) person in charge
Information system departments and operating units
Municipal information office
District and county information office
Municipal e-government level protection expert group
(2) Work contents and standards
1. System classified archive materials
Information system security level protection record form: basic information of the unit, information system, information system level, and materials submitted by information systems above level 3;
Archive electronic data: archive rar files generated by software.
2. The filing materials shall be submitted by the system at different levels.
Information system security level protection record form: submitted to the competent information department at the same level through document exchange;
Archive electronic data: mail is sent (or delivered by special person) to the competent information department at the same level.
3, the county information office is responsible for the summary of electronic data files, submitted to the Municipal Information Office before the end of each month;
4. After receiving the filing materials and electronic data files, the Municipal Information Office will complete the material review within 10 working days and conduct a preliminary review of the system security level. If:
Accept filing, and write the reply of Information System Security Protection Level Filing -A;
If the information is incomplete, write a reply to the information system security protection level for the record-b;
Obviously, grading is not allowed, and it is submitted to the e-government level protection expert group for re-evaluation. At the same time, write a reply on the C-level record of information system security protection level, and formally reply to the competent department of information system and the operation and use unit for the record.
5, led by the Municipal Information Office, the establishment of the municipal e-government level protection expert group, regularly re-evaluate the system that obviously does not allow filing, and coordinate the system operation and use units to adjust the system level.
(3) Work results
Reply on the filing of information system security protection level A
Reply on B-level filing of information system security protection
Reply on the filing of information system security protection level -C
XXXX Information System Classification Expert Review Opinion
Third, the evaluation and rectification in the construction stage.
(1) person in charge
Information system operation and use unit
Municipal information office
Municipal e-government level protection expert group
(2) Work contents and standards
1. The information system operation and use unit is responsible for the risk assessment and rectification construction of the system, and the operation and use unit of important information systems shall declare the system level protection and rectification construction plan to the Municipal Information Office;
2. The Security Department and Security Center of the Municipal Information Office are responsible for level protection consultation, and recommend qualified risk assessment implementation units, testing institutions and security service companies.
3 city e-government level protection expert group, responsible for the evaluation of e-government important information system level protection rectification construction plan.
(3) Work results
Grade protection rectification construction scheme;
Review opinions on rectification construction scheme;
Fourth, the rating stage.
(1) person in charge
Information system operation and use unit
Municipal information office
(2) Work contents and standards
The operating and using units of e-government information system shall ensure the funds for system security level assessment, and carry out level assessment at the same time.
Secondary system should be in accordance with the requirements of the "measures for the administration of information security level protection", by the operating unit to choose a qualified assessment agencies to carry out rating assessment, the formation of rating assessment report, submitted to the competent information department at the same level (municipal information office and district information office);
Level 3 (and above) system rating is organized and implemented by the Municipal Information Office.
The Security Center of the Municipal Information Office is responsible for tracking the progress of rating evaluation of important information systems.
(3) Work results
Information system security level evaluation report;
Progress in Grade Evaluation of Important Information Systems
Verb (abbreviation of verb) supervision and inspection stage
(1) person in charge
Information system operation and use unit
Municipal information office
(2) Work contents and standards
Led by the Municipal Information Office, in conjunction with relevant departments, the implementation of the hierarchical protection system for the information system (especially the important information system) of the Municipal Commission Office shall conduct a joint law enforcement inspection every year;
For the important e-government systems in this city, the Municipal Information Office will complete the inspection and evaluation of all important e-government systems in batches in two years.
(3) Work results
Law enforcement inspection report
Inspection and evaluation report