Provisions on the administration of the use of confidential computers
I. Provisions on the Security and Confidentiality Management of Computers and Networks
Chapter I General Principles
Article 1 In order to standardize the use and management of computers and information systems of our Commission, and ensure network security and information confidentiality, these Provisions are formulated in accordance with the requirements of the relevant national regulations on information system management and confidentiality and in combination with the actual situation of our Commission.
Article 2 These Provisions shall apply to all the staff of our Committee, as well as all computers and auxiliary equipment, networks and information systems connected to the Huai 'an e-government extranet of the Municipal Population and Family Planning Commission.
Article 3 The office is the competent department of computer and information system security and confidentiality entrusted by our committee, and is responsible for the formulation, inspection and implementation of relevant security and confidentiality systems and measures; Responsible for the management, maintenance and inspection of the computer and information system of the National Committee.
Article 4 The principle of "who uses, who manages and who is responsible" shall be applied in computer security management. The main person in charge of each office is the first person responsible for the security and confidentiality of computers and information in this office, and is responsible for the daily security and confidentiality of computers and information in this office.
Chapter II Security and Confidentiality
Article 5 The Office shall be responsible for the classification of various documents and materials entrusted by the CSRC, and the use and management of computers involving confidential information.
Article 6 The confidential computers in the office of this Committee must be clearly marked to distinguish non-confidential carriers from confidential carriers. Confidential computers must be managed and operated by special personnel. Without the consent of the main person in charge of the office and the management personnel, no one may operate the confidential computer.
Article 7 It is strictly forbidden to edit and store confidential information on all laptops used by the Committee. If you need to handle confidential information at work, it will be managed as a confidential computer, and you are not allowed to carry it at will.
Article 8 Computers involved in the processing of confidential information must be provided with a power-on password, and no Internet access is allowed, and the private network is dedicated.
Article 9 The software installation, hardware maintenance, elimination and update of classified computers must be handled by special personnel.
Tenth backup confidential information storage media must be kept by special personnel, and the important content is encrypted, and it is not allowed to carry and copy it at will.
Eleventh offices need to publish information on the Internet with reference to Huai 'an population and family planning commission Information Publishing System.
Chapter III Equipment Management
Article 12 The office is responsible for the procurement and after-sales service of computers and external equipment.
Thirteenth after the installation and debugging of computer equipment, random tools and software should be kept by the designated person in each office.
Fourteenth computer hardware, software and external equipment installation and setting, by the office according to the actual needs, unified allocation of resources, without permission, it is strictly prohibited to arbitrarily change the computer internal network parameters.
Fifteenth computer failure, should promptly notify the office. Computer maintenance and elimination of confidential information must be carried out in accordance with confidentiality provisions to ensure that it is not classified or leaked.
Chapter IV Virus Prevention and Control
Article 17 Before using computers, all offices must uniformly install the anti-virus software provided by the office, and regularly check, kill and upgrade the virus.
Eighteenth overseas electronic information storage media and electronic information storage media after foreign exchange must be checked for viruses before use, and overseas software and unchecked overseas electronic information storage media shall not be run without authorization.
Nineteenth once the virus is found, it should be immediately reported to the office for virus killing.
Twentieth the provisions shall come into force as of the date of formulation.
Second, the notebook computer safety management regulations
Article 1 The public notebook computer entrusted by me should be dedicated to the special plane, stored in the special counter and managed by a special person to ensure safety.
Article 2 The notebook computer I entrust should generally be used in the office. If the work needs to be taken out of the office, it must be reported to the leadership of the Committee for approval and managed according to the regulations.
Article 3 When carrying a laptop on a business trip or meeting, it shall be properly kept, and it shall not be taken into irrelevant places to prevent it from being lost or stolen.
Article 4 Notebooks storing classified information shall be kept confidential according to the highest classification of classified information, and it is strictly forbidden for classified notebooks to surf the Internet.
Article 5 These Provisions shall come into force as of the date of promulgation.
Three, computer maintenance, replacement, scrap safety management regulations
1. When maintaining and overhauling the classified computer system, it is necessary to ensure that the stored classified information is not leaked. For confidential information, security measures such as transferring, deleting and transferring storage media in different places should be taken.
Second, the confidential room should record the failure phenomenon, failure reason and expansion of the equipment in the room on the Record Book of Equipment Maintenance Archives.
3. All confidential equipment that needs to be repaired must be approved by confidential personnel and competent leaders, and confidential information can be irretrievably deleted before implementation.
Four, by the person responsible for the office computer software installation and equipment maintenance work, it is strictly prohibited to install computer software for users and unauthorized removal of computer equipment.
Five, confidential computer scrap by the security leading group is responsible for the designated destruction.
Fourth, the information dissemination system.
Article 1 This system is formulated in order to give full play to the role of the portal website of population and family planning commission in Huai 'an and establish a standardized mechanism for information collection, review, release and maintenance.
Article 2 The information mentioned in this system refers to information in the form of words, data and pictures published on portal websites. The information published by the portal website is non-confidential information, and confidential information may not be published online.
The third portal is the information service hub of population and family planning commission in Huai 'an, which provides a platform for the offices of the Committee and population and family planning commission at all levels in the city to release information to the society. Article 4 The portal website mainly publishes population and family planning information, focusing on policies and regulations, work trends, announcements, government information disclosure, graphic messages, work guides and other information related to the work of population and family planning commission in Huai 'an.
Fifth the city's offices and population and Family Planning Commission at all levels should provide information actively, accurately and timely according to the requirements of the columns set by the website, and make good use of the portal website for publicity.
Article 6 When offices at all levels in the city and the Population and Family Planning Commission need to publish important information of their own departments and units on the portal website, they must provide electronic documents and transmit them to the offices through the Internet, floppy disks and USB flash drives.
Article 7 Information published by portal websites shall go through strict examination and approval procedures, and unaudited information shall not be published online.
Eighth information audit content includes:
(1) Whether the information on the Internet is confidential;
(two) whether it is appropriate to release online information to the outside world at present;
(3) Whether the statistical data in the information is accurate.
Article 9 The office is responsible for information update and information online release, and the person in charge of each office is responsible for the review of information materials.
Tenth of the information audit is not strict, resulting in losses, leaks, according to the relevant provisions of the state secrecy laws and regulations to be dealt with.
V. Internet information security system
Internet information mainly refers to words, data, pictures, images, animations, sounds and so on.
Second, the confidentiality management of network information adheres to the principle of "whoever publishes online is responsible". When publishing any information on the Committee's website, expanding or updating online information, we must conscientiously implement the information confidentiality review system and strictly review it. There shall be no content that endangers national security, divulges state secrets or infringes upon the interests of the state, society and the Committee. Any information that may involve the scope of confidentiality must be approved by the leaders of the Economic Commission before surfing the Internet.
Three, state secrets are related to national security and interests, determined in accordance with legal procedures, and only a certain range of people know within a certain period of time. Including the following secret matters:
(1) Secret matters in major state decisions;
(2) Secret matters in national defense construction and activities of the armed forces;
(3) Secret matters in diplomatic and foreign affairs activities and matters with confidentiality obligations;
(4) Secret matters in national economic and social development;
(five) secret matters in learning technology;
(six) activities to safeguard national security and trace criminal secrets;
(seven) other state secrets that should be kept secret as determined by the state secrecy department.
Four, computer information systems involving state secrets, shall not be directly or indirectly connected with the Internet or other public information networks, must be physically isolated.
Fifth, if the staff of the Committee find any information that reveals state secrets on the Committee's website, they are obliged to report it to the office in time and keep the original records. The office should strengthen the safety supervision and inspection of online information, and the network administrator is responsible for monitoring, saving, deleting and backing up online information. Take immediate measures to delete the information involving state secrets in time, retrieve the original records, and immediately report to the leaders of the Committee.
Six, the security management of confidential storage media
Regulation 1. Confidential storage media refers to hard disk, optical disk, floppy disk, mobile hard disk, U disk, etc. Store confidential information.
Second, offices and units with classified storage media need to fill in and keep the Registration Form of Classified Storage Media, and report a copy of the registration form to our confidentiality leading group for registration and filing, and report the changes in time.
3. Storage media containing confidential information shall not be accessed or installed on non-confidential computers or low-secret computers, lent to others or taken out of the work area, and shall be stored in the safety cabinet designated by the unit after work.
Four, because of work needs must be taken out of the work area, need to fill in the "secret storage media out of the registration form", approved by the competent leadership, and reported to the security leading group for registration, after returning to the security leading group for review and cancellation.
Six, copy the secret storage medium, must be approved by the unit leader, and fill in a "secret storage medium use registration form" for each medium, and give different numbers. Seven, the need to archive the confidential storage media, should be filed together with the "registration form" for the use of confidential storage media.
Eight, each office is responsible for the management of all kinds of classified storage media used by it, and should determine the classification and confidentiality period according to relevant regulations, and treat them as paper documents, and carry out classified management according to the documents with corresponding classification.
Nine, the maintenance of confidential storage media should ensure that information is not leaked, and the person in charge of each confidential office is responsible for it. Need to send maintenance, with the approval of the leadership, to the maintenance point designated by the national security department, and there are security personnel present.
Ten, no longer use confidential storage media should be reported by the user, approved by the unit leader, the office is responsible for the destruction.
Seven. Confidentiality management system of photocopiers and multifunction machines In order to strengthen the confidentiality management of our digital photocopiers and multifunction machines, this system is formulated in accordance with the relevant confidentiality regulations of photocopiers.
Article 1 These Provisions shall apply to all digital copiers and all-in-one machines with copying function of this Committee.
Article 2 The office of the Committee shall be responsible for the security management of digital copiers and multifunction machines. Specific management work should be carried out by personnel with good political quality, skilled technology and strong sense of responsibility. It is strictly forbidden for irrelevant personnel to use photocopiers. The user is responsible for managing the all-in-one machine.
Article 3 The copying of documents and materials must obtain the consent of the management personnel of the copier, and the number of copies shall be strictly controlled.
Article 4 Top secret and confidential documents shall not be copied. Generally speaking, copying confidential documents is not allowed. If it is really necessary to copy confidential documents due to work reasons, the consent of the security clerk shall be obtained and detailed records shall be made. The copy and the original have the same classification, and shall be handled in accordance with the relevant provisions of confidentiality.
Article 5 The documents and materials that are strictly prohibited to be copied are: documents and telegrams marked as top secret and confidential; The internal draft, recorded draft or recorded draft of China leaders' speeches; Documents, materials, drawings and publications that are not allowed to be copied by the issuing unit; Currency and negotiable instruments; Reactionary, obscene and feudal superstitious reading materials, slogans and prohibited written materials.
Article 7 The daily management of all-in-one machines shall be implemented with reference to photocopiers.
Eighth acts in violation of this system will be dealt with according to the seriousness of the case. If the circumstances are minor, they shall be transferred to judicial organs for handling in the informed criticism within the scope of the Committee. If the circumstances are serious or cause leaks, they shall be transferred to judicial organs for handling according to the Law on Secrecy and Guarding State Secrets and relevant laws and regulations.
Computer Security Management System of Industry Bureau of Municipal Party Committee Group
All cadres and workers of the Bureau must abide by the Secrecy Law of People's Republic of China (PRC) and the Regulations of People's Republic of China (PRC) on the Security Protection of Computer Information Systems.
A, the comprehensive department unified management of computer resources. After the registration of each subject, the general subject will put it on record. All secret-related departments should establish equipment account files to record the original data, maintenance, upgrade and changes in operation of equipment. Random data (including magnetic media, optical disks, etc. ) and equipment warranty cards (sheets) shall be kept by all secret-related departments themselves.
Second, the setting of computer security level, by the Bureau of security leading group according to the actual needs of the work, the highest security level of stored information set computer security level, by the General Department is responsible for the paste security signs according to the confidentiality provisions, do a good job in computer three-level security.
Three, in principle, computer resources can only be used for the normal work of the unit, it is forbidden to use computer resources to engage in activities unrelated to work.
Four, the computer to deal with confidential matters should be dedicated to the plane, managed by a special person, strictly controlled, and shall not be used by others.
5. It is forbidden to use the Internet or other non-confidential information systems on classified computers; It is forbidden to process confidential information on unclassified computer systems.
Six, install a physical isolation card on the computer that handles confidential information, strictly one machine is dual-purpose. It is strictly forbidden for classified computers without physical isolation cards to access the Internet.
Seven, classified computer system software configuration and its own classified content of various application software, shall not be borrowed and copied.
Eight, shall not be classified storage media out of the office, such as work needs to be brought out, need to perform the corresponding examination and approval and registration procedures.
Nine, without permission, any private CD, floppy disk, U disk shall not be used on classified computer equipment; Anti-virus software must be installed on confidential computers and upgraded regularly.
X. The export of classified information generated by various departments and units shall be signed and approved by the competent leader of the unit, operated by special personnel, registered and put on record, and the exported classified information shall be managed according to the corresponding classification.
Eleven, confidential information in addition to the development of a sound backup system, but also must take effective anti-theft and fire prevention measures to ensure the safety and confidentiality of backup, and do a good job in remote backup.
Provisions on computer secrecy and security management
Chapter I General Provisions
Article 1 In order to strengthen the computer security management of bureau organs, keep state secrets, ensure the normal use of computer systems, and give full play to the benefits of office automation, these Provisions are formulated in accordance with the provisions of relevant national and provincial laws, regulations and related documents, combined with the actual situation of our bureau.
Chapter II Technical Management of Computer Safe Operation
Article 2 Computer files of workstations, including machine configuration, maintenance records and replacement parts, etc. , should be set up by the office. Every computer must be managed by a special person, and the user is the first person responsible for the daily maintenance of the computer.
Article 3 Users must use computers according to correct operating procedures. Start and exit the operating system according to normal steps; Do not arbitrarily change the network-related parameters set in the computer operating system; Do not delete or modify the system software uniformly set by the computer at will; You should always clean up the useless files in the computer and the useless information in the garbage station to keep the normal hard disk space. After the work is finished, the power supply must be cut off (switch off the wiring board).
Article 4 Users should ensure that computers work in a virus-free state. The computer should be installed with genuine antivirus software, which should be upgraded regularly (usually once a month) and disinfected regularly (usually once a week); Software and data carriers (floppy disk, USB flash drive, mobile hard disk, CD-ROM) used for the first time should be tested by anti-virus software to confirm that there is no virus and harmless data before they can be put into use. When computer operators find that computers are infected with viruses, they should stop running immediately, and contact computer administrators in time to eliminate viruses when the connection with the office LAN is cut off.
Article 5 Computers are mainly used for business data processing and information transmission to improve work efficiency. It is forbidden to play games and install all software unrelated to work on the computer during office hours.
Article 6 When using the Internet on a computer, you must abide by the Decision of the National People's Congress on Maintaining Internet Security and the Measures for the Administration of Internet Information Services (Order No.292) promulgated by the State Council in September 2000, and you are not allowed to enter pornographic websites, reactionary websites and&; Times; & era; & era; Website. Don't use the office network equipment to transmit reactionary and wrong information. Anyone who violates the provisions of this article shall be recovered by the office and punished according to the relevant provisions.
Article 7 The office shall be responsible for the procurement and maintenance of computers. When users find abnormal phenomena (such as network errors or system crashes) in the process of using computers, they should contact the office managers in time, and the office will assign professionals to carry out maintenance. They are not allowed to disassemble and repair themselves, so as not to damage the user data. Maintenance personnel need to make maintenance records for future reference after maintenance.
Eighth users should take good care of computers and network equipment, and are not allowed to disassemble and install network equipment such as network cards and network cables of Internet computers at will.
Chapter III Security and Confidentiality Management
Article 9 In computer operation, we must strictly abide by the relevant laws and regulations of the state, strictly implement the security and confidentiality system and the relevant confidentiality provisions of the office, and must not store files identified as confidential in the computer hard disk connected to the network. When dealing with information involving state secrets, we must cut off contact with the Internet. Do not use the computer internet to engage in illegal and criminal activities such as endangering national security and revealing state secrets; Do not use the Internet to collect, sort out or steal state secrets; The use of e-mail for online information exchange must abide by the relevant state confidentiality regulations, and it is not allowed to transmit, forward or copy state secret information by e-mail.
Tenth computer information system is strictly prohibited to transmit top secret information. Confidential and confidential information shall be marked with "Confidential" and "Secret" respectively, and transmitted in relevant confidential networks after encryption. It is forbidden to transmit all confidential information on the Internet.
Eleventh computer users are responsible for the security management of network information and monitor the normal operation of network information; If it is found that state secrets have been leaked, it shall take remedial measures in time and report to the secrecy department and the competent leader.
Article 12 Important files in a computer should be kept in centralized encryption by a special person, and they should not be copied and decrypted at will. Confidential information that needs to be saved can be transferred to CD or other removable media; The maintenance of computer media storing state secret information should ensure that the stored state secret information is not leaked; The secret information in discarded disks and other storage devices should be completely removed by technicians. The media storing classified information must be marked with classification according to the highest classification of the stored information, and managed according to the files with corresponding classification.
Thirteenth confidential computer information in the print output, the print file must be managed in accordance with the confidentiality requirements of the corresponding confidential documents; Residual pages, secondary pages and waste pages generated in the printing process should be destroyed in time; Information carrier (floppy disk, CD, etc.). ) and computer-processed business reports, technical data and drawings shall be kept by special personnel, and used, borrowed, handed over and destroyed according to regulations.
Article 14 The security and confidentiality of the local area network must be ensured. The security and secrecy of the local area network shall be subject to the business guidance of the secrecy department; The use and management of secure communication equipment shall be subject to the business guidance of the security department.
Fifteenth all internet computers must be used correctly in accordance with the operating norms, and outsiders are strictly prohibited from using internet computers.
Sixteenth LAN administrators and workstation administrators must strictly abide by the safety management regulations, and it is strictly forbidden to disclose passwords and data related to the network. All data on the Internet must be backed up regularly and stored safely.
Article 17. After the breakdown of confidential computers, it is not allowed to ask companies or personnel who are not exposed to confidential information to repair them at will. The office will assign special personnel to carry out maintenance under the supervision of confidential personnel. Demolition and replacement of waste parts should be destroyed in time.
Chapter IV Management of Main Control Room
Eighteenth non computer room management personnel without permission, it is strictly prohibited to enter the computer room. Personnel who enter the computer room with consent shall strictly abide by the regulations on computer room management.
Nineteenth main computer room should establish and improve the management system of computer virus prevention, discovery, reporting and elimination, as well as the system of computer equipment use and maintenance, regularly carry out virus detection on the computer information network system of the organ, and be responsible for the safety management of the computer of the organ.
Article 20 It is strictly forbidden to operate and use the equipment running in the computer room at will, and the personnel entering and leaving the computer room must strictly abide by the operating rules, and it is strictly forbidden to use all kinds of mechanical equipment in the computer room illegally.
Article 21 It is forbidden to handle work-related affairs (such as meeting guests and chatting) in the computer room. If there are visitors, you can receive them in the relevant office.
Twenty-second staff should keep the computer room clean and tidy. Adhere to a small cleaning once a day and a big cleaning once a week. Smoking is strictly prohibited in the computer room, so as to eliminate all fire hazards.
Twenty-third acts in violation of the above provisions should be dealt with according to the seriousness of the case, combined with the relevant provisions of the state and the province, state and county, and the responsibility of the relevant person in charge should be investigated.