Chapter I General Provisions
Article 1 In order to protect the security of computer information systems, encourage the application of computers and promote the development of computers, these Measures are formulated in accordance with the Regulations of People's Republic of China (PRC) on the Security Protection of Computer Information Systems and the actual situation of our province.
Article 2 These Measures shall apply to the security protection of computer information systems within the administrative area of Sichuan Province.
Article 3 A computer information system refers to a man-machine system which is composed of computers and their related and supporting facilities (including networks) and processes information according to certain application objectives and rules.
Article 4 The security protection of computer information systems shall ensure the safety of computers and their supporting and related equipment, facilities (including networks) and operating environment, as well as the safety of computer information, ensure the normal operation of computer functions and maintain the safe operation of computer information systems.
Computer information system security protection focuses on maintaining the security of computer information systems in important fields such as national affairs, economic construction, national defense construction and cutting-edge science and technology.
Article 5 Public security organs shall be in charge of the security protection of computer information systems and supervise the security protection of computer information systems.
The national security department and other relevant departments shall do a good job in the security protection of computer information systems within their respective functions and duties.
Article 6 Users of computer information systems shall abide by the provisions of laws and regulations on the security protection of computer information systems, establish and improve the security protection system, and implement the responsibility for security protection.
Article 7 Citizens, legal persons and other social organizations shall not endanger the security of computer information systems or engage in activities that endanger the legitimate rights and interests of the state, collectives and citizens by using computer information systems.
Eighth in the computer information system security protection work, citizens, legal persons and other social organizations have made outstanding achievements, commended and rewarded by the competent departments or units.
Chapter II Safety Protection System
Article 9 Computer information systems shall be protected by security levels.
The security level of computer information system is divided into information security level and system reliability level.
Article 10 According to the importance of information, the information security level of computer information system is divided into four levels:
(1) Grade A, that is, highly sensitive information;
(2) Grade B, that is, sensitive information;
(3) Grade C, that is, internal management information;
(4) level d, that is, public information.
Article 11 The reliability grades of computer information systems shall be classified according to the technical standards of information security and the operation and management status of the system.
Twelfth specific standards of computer information system security level, formulated by the provincial public security department according to the requirements of the Ministry of public security and other relevant departments of the state.
Thirteenth computer information system security level confirmation or change, in accordance with the following provisions:
(a) county (city, district) and its subordinate units to the county (city, district) public security organs to declare, the city (the ground) public security organs audit, submitted to the provincial public security department for approval;
(two) the city (the ground) is the use of units, to the city (the ground) public security organs to declare, by the city (the ground) public security organs reported to the provincial public security department for approval;
(three) the use of units at or above the provincial level, the provincial public security department for approval.
The computer information system can only be put into use after it has been examined and approved in accordance with the provisions of the preceding paragraph to determine the security level and obtain the certificate of safe use.
Fourteenth computer rooms shall comply with national standards and relevant state regulations.
Construction or other activities near the computer room shall not endanger the safety of the computer information system.
Fifteenth important computer information system application personnel shall receive safety training and obtain the computer safety application qualification certificate issued by the provincial public security department before operating the computer.
Sixteenth cross-industry, cross-departmental, cross-city and county networking and change or stop networking of computer information systems, should be within 30 days from the date of networking, change or stop networking, by its users to the local public security organs at or above the city (prefecture) for the record.
The computer information system for international networking shall be filed with the provincial public security department within 30 days after formal networking.
Article 17 Whoever transports, carries or mails computer information media into or out of the country shall truthfully declare it to the customs. When the customs discovers information media that endanger the security of computer information system, it shall promptly notify the local city (prefecture) public security organ.
Eighteenth of the use of computer information systems for illegal and criminal activities, the user shall report to the local public security organs at or above the county level within 24 hours after the discovery, and protect the scene and related information, conditional should stop waiting for processing.
Article 19 No unit or individual may manufacture or intentionally import or disseminate computer viruses and other harmful data, and may not copy, intercept or tamper with data in computer information systems by illegal means.
Twentieth the use of new computer viruses, should be reported to the local public security organs at or above the county level within 3 days.
Users should report to the local public security organs at or above the county level within 24 hours when they find harmful data such as political viruses, and pay attention to protecting the site and related materials, waiting for processing.
Twenty-first manufacturing, selling, leasing and maintaining computer software and hardware must test the products. If computer viruses and other harmful data are found, they should be handled in accordance with the provisions of Article 20 to ensure that the products do not carry computer viruses and other harmful data.
Twenty-second without the approval of the provincial public security department, no unit or individual may engage in the following activities:
(a) Collecting and preserving computer viruses;
(2) Publishing, distributing, publishing, producing, disseminating and selling books and information media containing computer virus mechanisms and virus source programs;
(3) Publicly releasing the news of computer virus epidemic;
(four) to carry out activities involving computer virus mechanism.
Those who engage in the activities mentioned in Item (2) of the preceding paragraph with the approval of the Provincial Public Security Department must report to the administrative department of press and publication for approval in accordance with regulations.
Article 23 To carry out research on computer virus prevention and control, an application shall be submitted to the local city (prefecture) public security organ for approval, and the research work shall be reported regularly.
Twenty-fourth sales of computer information system security products, must be approved by the provincial public security department, for computer security products sales license, can be sold.
Where the state has other provisions on the management of special products for confidentiality of classified computer information systems, such provisions shall prevail.
Chapter III Safety Supervision and Management
Twenty-fifth public security organs at all levels are mainly responsible for the security protection of computer information systems:
(a) to supervise, inspect and guide the security protection of computer information systems;
(two) to carry out publicity and education on the security protection of computer information systems;
(three) to investigate and deal with illegal and criminal cases that endanger the security of computer information systems;
(four) to provide security guidance for the construction, reconstruction and expansion of computer information systems;
(five) to manage the prevention and control of computer viruses and other harmful data;
(six) according to the provisions of the audit of computer information system security level:
(seven) to supervise the sales activities of special computer security products;
(eight) to perform other supervisory duties of computer information system security protection.
Twenty-sixth law enforcement officers of public security organs shall show the computer safety supervision certificate issued by the provincial public security department when exercising the supervision duties of computer information system security protection, and enforce the law in a civilized manner.
Twenty-seventh public security organs find hidden dangers that affect the security of computer information systems, and shall promptly issue rectification notices to users, and make rectification within a time limit.
Twenty-eighth users of computer information systems shall establish a leading organization for the security protection of computer information systems or be equipped with full-time and part-time management personnel to implement the responsibility system for security; Organize on-the-job training for managers and application operators; Make plans for preventing and controlling computer viruses and other harmful data; To assist the public security organs in investigating and handling illegal and criminal cases that endanger the security of computer information systems.
Chapter IV Punishment
Twenty-ninth computer room does not meet the national standards and other relevant provisions of the state, endangering the safety of computer information systems, the public security organs at or above the city (prefecture) shall order users to transform within a time limit, or order them to stop using.
Construction or other activities that endanger the safety of computer information systems in the vicinity of computer rooms shall be handled by public security organs in conjunction with relevant units.
Article 30 Whoever transports, carries or mails computer information media into or out of the country without truthfully reporting to the Customs shall be punished by the Customs in accordance with relevant regulations.
Thirty-first in any of the following circumstances, the public security organ shall give a warning or order it to suspend business for rectification:
(a) the computer information system is put into use without confirming the level of security protection and obtaining a certificate of conformity;
(two) an important computer information system operator who has not obtained the safety training certificate is operating on the computer;
(three) not in accordance with the provisions of article sixteenth of these measures within the time limit;
(four) did not report the computer information system cases within the prescribed time;
(five) after being notified by the public security organ to improve the public security situation within a time limit, refusing to correct it;
(six) other acts that endanger the security of computer information systems.
Thirty-second one of the following acts, given a warning by the public security organs or fined 5000 yuan to 5000 yuan; If the case constitutes a crime, criminal responsibility shall be investigated according to law:
(a) without approval, research, collection or preservation of computer viruses;
(two) without approval, the public release of computer virus epidemic;
(three) to carry out activities involving computer virus institutions without approval;
(4) Computer software and hardware products manufactured, sold, leased or maintained contain computer viruses and other harmful data.
Thirty-third one of the following acts, given a warning by the public security organs or impose a fine of 2000 yuan to 5000 yuan for individuals, impose a fine of 5000 yuan to 15000 yuan for units; If there are illegal gains, in addition to confiscation, a fine of less than 3 times the illegal gains may be imposed:
(1) manufacturing or intentionally importing or disseminating computer viruses and other harmful data;
(2) illegally copying, intercepting or tampering with the data in the computer information system, endangering the security of the computer information system;
(3) Selling special products for computer information system security without permission.
Thirty-fourth if a party refuses to accept the administrative punishment made by the public security organ in accordance with these measures, it may apply for administrative reconsideration or bring an administrative lawsuit according to law.
Thirty-fifth in the computer information system security protection and supervision work, the public security organ staff abuse their powers, neglect their duties, engage in malpractices for selfish ends, shall be given administrative sanctions by the competent department; If a crime is constituted, criminal responsibility shall be investigated by judicial organs according to law.
Chapter V Supplementary Provisions
Article 36 The meanings of the following terms in these Measures:
Computer virus refers to a set of computer instructions or program codes compiled or inserted in a computer program, which destroys computer functions or data, affects the use of computers, and can replicate itself. Harmful data refers to data related to computer information systems, including programs that endanger the safe operation of computer information systems, or data that pose harm or potential threat to national and social security.
Computer information media refers to computer hard disks, floppy disks, optical disks, magnetic tapes, magnetic cards, paper tapes, cards, printing paper, chips and firmware that can store and carry computer programs, data and information.
Special products for computer information system security refer to special hardware and software products used to protect the security of computer information systems.
Thirty-seventh specific issues in the implementation of these measures shall be interpreted by the provincial public security department.
Article 38 These Measures shall come into force as of May 6, 1996.