Measures for the administration of security protection of computer information systems in Jiangsu Province

Article 1 In order to strengthen the security management of computer information systems, protect the security of computer information systems, promote the application and development of computers, and ensure the smooth progress of socialist modernization, these measures are formulated in accordance with the Regulations of People's Republic of China (PRC) on the Security Protection of Computer Information Systems and other relevant laws and regulations, and combined with the actual situation of this province. Article 2 These Measures shall apply to individuals, legal persons and other organizations participating in computer information systems within the administrative region of this province. Article 3 A computer information system refers to a man-machine system which is composed of computers and their related and supporting facilities (including networks) and collects, processes, stores, transmits and retrieves information according to certain application objectives and rules. Article 4 The security protection of computer information system refers to ensuring the security of computers and their related and supporting equipment and facilities, the security of operating environment, the security of information and the normal operation of computers, and maintaining the safe operation of computer information systems. The focus of protection is the security of computer information systems in national affairs, economic construction, national defense construction, cutting-edge science and technology and other important fields. Fifth provincial, municipal and county public security organs are the competent authorities for the security protection of computer information systems within their respective administrative areas, and are responsible for supervising, inspecting and guiding the security protection of computer information systems; Investigate and deal with illegal and criminal cases that endanger the security of computer information systems; Using computer technology to investigate and deal with criminal activities; Implement the security protection of computer information system. Article 6 Users of computer information systems shall establish and improve the safety management system, implement the responsibility system for safety protection, and be responsible for the safety protection of their own systems. Seventh without the approval of the competent examination and approval unit, no unit or individual may set up a computer network, engage in computer information services, e-mail and other businesses in the society; The computer network established upon approval shall go through the examination and approval procedures, and shall be filed with the local public security organ for safety supervision and inspection. Article 8 Anyone who operates an open computer room, provides network information services or uses computer software to engage in business activities of game machines must be examined and approved by the public security organ at or above the county level. Article 9 When using computers for international networking, it shall abide by the relevant laws and regulations of the state and report to the local public security organ at or above the county level for the record. Article 10 The security of computer information system rooms shall comply with the relevant provisions of the state. The design and construction of newly built, rebuilt and expanded computer rooms must be carried out in accordance with relevant state regulations and technical specifications. Before use, the safety inspection must be carried out by the institutions designated by the provincial public security department, and the local public security organs at or above the county level shall organize the acceptance.

Computer rooms newly built, rebuilt and expanded in key units and important industries must be audited by institutions designated by the Provincial Public Security Department for engineering design safety; After the completion of the project, safety inspection shall be carried out in accordance with the relevant provisions of the state. Before use, it must be examined and confirmed by the computer supervision department of the provincial public security department. Article 11 Computer information systems shall be classified into security levels in accordance with relevant regulations, protected by security levels, formulated with emergency response and recovery plans for computer disasters, and established with a security audit system for computer information systems, and the public security organs at or above the county level shall organize and implement annual inspection and assessment. Before the computer information systems of key units and important industries are put into operation, a system security review organized by the Provincial Public Security Department and attended by relevant experts shall be conducted. Twelfth key units, important industries, computer managers, safety engineering designers and safety product maintenance services and other specific positions and types of personnel must go through special computer safety training organized by public security organs and hold safety training certificates. Thirteenth key units refer to the leading organs of the party and government, key construction projects, national defense construction and relevant units in the frontier fields of science and technology, as well as radio stations, television stations, newspapers, telecommunications hubs and important power units. Important industries refer to banking, securities, futures, insurance, taxation and other departments. Article 14 The management of computer information systems involving state secrets, enterprise secrets and internal use shall comply with the relevant provisions of the Law of People's Republic of China (PRC) on Guarding State Secrets and the Interim Provisions of Jiangsu Province on the Safety Management of Computer Information Systems in International Networking. Fifteenth any unit or individual shall not use computers to engage in activities that endanger the interests of the state, the collective interests and the legitimate interests of citizens, and shall not endanger the security of computer information systems. Article 16 No unit or individual may produce or disseminate destructive programs such as computer viruses and other harmful data. No media containing computer viruses and other harmful data shall be produced, copied, disseminated, rented or sold. Seventeenth units and individuals engaged in computer virus and other harmful data prevention and control research, should be reported to the public security organs of local people's governments at or above the county level for registration and approval. Article 18 The term "harmful data" as mentioned in these Measures refers to computer programs or data (including computer viruses) that exist and appear in computer information systems and their storage media and are expressed in various forms such as computer programs, images, words and sounds, and contain contents that endanger national security, social security and order, the operation and function of computer information systems, application software, data reliability, integrity and confidentiality, etc., and are used for illegal activities. Article 19 A licensing system shall be implemented for the sale of special computer security products. Units or individuals selling special computer security products shall apply to the local public security organs at or above the county level for a sales license for special computer security products. Without a sales license, special products for computer security shall not be sold. No unit or individual may use special computer security products without a sales license issued by the Provincial Public Security Department.