Regulations
of Shenzhen Economic Special Zone on the Administration of Public
Safety of Computer Information
System |
Original
adopted by the 101th Execute Meeting of the Second People' s
Government of Shenzhen
Municipality. As signed and Promulgated by
Mayor Li-zibing on Jul 17th 1998. |
Regulations
of Shenzhen Economic Special Zone on the Administration of Public
Safety of Computer Information
System
|
Chapter I General Provisions
|
Article
1 These
regulations are formulated in accordance with the actual situation
in Shenzhen Economic Special
Zone (hereinafter referred to as the
Special Zone),for the purpose of safeguarding the safety of
computer information system, maintaining public order of computer
information system and promoting social stabilization.
|
Article
2 These regulations are applicable to the administration of
public safety of computer information system (hereinafter
referred
to as computer safety administration) of the following application
units of computer information
system of the Special Zone:
The
computer information system of operation and service units of
computer information network;
|
(1)
the computer information system using in storage, disposal
and transfer public information and confidential materials
by the
government agencies;
|
(2)
the computer information system of financing unit ,
securities unit or public service unit;
|
(3)
the computer information system of national defense
construction,the most advanced branches of technology and the
state key unit of economic construction;
|
(4)
other computer information systems influencing materially
on social public interest.
|
Article
3
The computer information system in these regulations refers
to the man-machine system composing of computer and its
correlative and necessary equipments and facilities and using in
collection, machining, storage,
transmission, searches of
information according to established applicable aim and rule.
|
Article
4 The
Public Security Organization of the People' s
Government of Shenzhen Municipality ( hereinafter referred to the
Municipal Competent Authority)
is the competent authority of
computer safety administration of the Special Zone while its
affiliated
Administrative Department of Computer Safety shall
undertake the task of computer safety administration formulated
in
these regulations.
|
Any
other relevant functional departments of the government shall
undertake the concerned tasks of
computer safety administration
for cooperation with the municipal competent authority within its
scope of official duties.
Article
5 The municipal
competent authority shall develop the propaganda, education and
communication of safety
of computer information system, instruct
activities of trade association of safety technology of computer
information system and supply technical services of safeguard
system of computer information system for
the application units of
computer information system
Chapter
II Safety
Administration of Computer Application Unit
|
Article
6 The
computer application unit shall establish and perfect the
safeguard system of computer information
system which includes
administration of technical safety and administration of safety
organization.
The administration of technical safety includes the
administration of substantiation safety, software safety, input
and output control and network safety of computer information
system as well as safety audit and
risk analysis and so cn. The
administration of safety organization includes establishment of
safety
organization, perfect all kinds of systems of safety
administration, workout contingency plan and so on. The municipal
competent authority shall supervise and instruct the application
unit to set up and perfect the safeguard
system of computer
information system.
Article
7 The municipal
competent authority, in the presence of the concerned competent
authorities of People'
s Government of Shenzhen Municipality,
shall issue the trade technical regulations on computer safety
administration in accordance with the trade characteristics of
computer application unit. The safeguard system
of computer
application unit shall not less than the minimum safety demands of
such trade technical
regulations.
Article 8 The
person liable for computer safety administration confirmed by the
computer application unit shall
carry out the following duties:
|
(1)
to organize to propagandize the laws, regulations and
relevant policies on computer safety administration;
|
(2)
to study out and organize to carry out the rules and
systems of computer safety administration of the unit concerned;
|
(3)
to organize regular inspection of safety operation
circumstance of computer information system and eliminate hidden
troubles of safety immediately;
|
(4)
to take charge of organizing safety audit;
|
(5)
to take charge of organizing safety education and training
of the employed of computer of the unit concerned;
|
(6)
to report to the municipal competent authority and take
careful and skillful measures to protect the scene of crime
and
prevent from enlargement of harm in the case of happening safety
accident or computer crime. The
safety accident referred in these regulations is the incident with
social harmfulness resulting
from artificial or natural factor in
computer information system. The computer crime referred in these
regulations is the case of crime aiming at or making use of
computer information system.
|
Article 9 The
computer application unit shall be equipped with computer safety
technician according to the trade
technical regulations of
computer safety administration.
|
The
computer safety technician shall carry out the following duties:
|
(1)
to carry out rules and systems of computer safety
administration of the unit concerned;
|
(2)
to inspect and test the safety operation circumstance of
computer information system and eliminate hidden troubles
of
safety immediately according to the trade technical regulations of
computer safety administration;
|
(3)
to report to the person liable for safety administration of
the unit concerned or to the municipal competent authority
directly, to take careful and skillful measure to protect the
scene of crime and prevent from enlargement
of harm in the case of
safety accident or computer crime.
|
The computer safety technician shall pass the safety
technology training approved by the municipal competent authority
and undertake relevant work only after passing the training and
getting the certification of competency
with the period of
validity of two years.
Article 10 The
special product using in computer information system safety using
by the computer application
unit shall comply with the concerned
national technical regulations or shall pass the inspection by the
professional inspection institution which not less than the
minimum safety demands of technical regulations
of computer safety
administration of the trade concerned.
|
The
special product using in computer information system safety
referred in the preceding clause is
the special hardware and
software products using in protection of computer information
system safety.
|
The
municipal competent authority shall issue regular notification for
promulgating the list of special
products of computer information
system safety.
Article
11 The computer
application unit shall report to the municipal competent authority
within 24 hours from
discovering the safety accident or the
computer crime in computer information system.
|
Article
12 Where
the sudden accidence happening in computer information system may
damage to public safety, the
municipal competent authority shall
take emergency measures such as suspend internet connection and
suspend using computer for examination against computer
application unit but shall assist the computer application
unit to
do safety protection work in advance.
|
Chapter
III Safety Inspection of Computer Information System
|
|
Article
13
The computer information system of the application unit
shall be under the operational test with a period of six months
after finishing construction. It shall be under the inspection of
safety system by the professional
inspection institution during
the operational test. If succeeding in the inspection, it shall be
granted the Competent Certificate of Safety Inspection of Computer
Information System by the municipal competent
authority; if
failing in the inspection, it shall be ordered to rectify
according to the trade technical
regulations of computer safety
administration. Any computer information system which doesn' t
satisfy
with the minimum safety demand shall not be started using
formally,
|
Article
14 The
inspection of safeguard system of computer information system
shall include the followings:
|
(1) the person liable for computer safety administration and
safety technician; |
(2)
the system of safety administration and safety audit;
(3)
the capability of computer software and the circumstance of
computer room;
|
(4)
the reliability of computer system software, application
software and database;
|
(5)
the measures of technology safety;
|
(6)
the result of technical test
|
The
safety demands of safeguard system of computer information system
of trades shall be promulgated
after being enacted by the
municipal competent authority in the presence of the municipal
competent
authority of concerned trade.
Article
15 The computer
information system of application unit shall receive the
inspection of safeguard system
by the professional inspection
institution every year. If succeeding in the inspection, it shall
be granted the Qualification Certification of Annual Inspection of
Safeguard System of Computer Information System.
Otherwise, it
shall be ordered to improve according to the trade technical
regulations of computer
safety administration. Any computer
information system, which doesn' t satisfy with the minimum
safety
requirement, shall not use continually.
Article 16 The
professional inspection institution shall ensure normal operation
of production, teaching, scientific
research and management of the
computer application unit and keep the commercial secret . The
computer
application unit may appeal to the municipal competent
authority for organizing to reinspection if it objects to
the
inspection result by the professional inspection institution.
Article
17 Where the
equipment renew or alteration of computer information system by
the application unit inferences
the safeguard directly, the
professional inspection institution shall inspect the part which
under
the influence and ensure to satisfy the minimum safety
requirement.
Article
18 The municipal
competent authority may consign the professional inspection
institution to inspect its
safeguard system when it considers the
application unit exists hidden trouble of safety. If have any
questions, it shall be ordered to rectify in the time limit by the
municipal competent authority in accordance
with the trade
technical regulations on computer safety administration.
|
Article
19
Any inspection of safeguard system of computer information system
or inspection of the minimum safe
requirement of the special
product of computer information system shall be undertaken by the
professional
inspection institution with inspection qualification
authorized by the municipal competent authority. The professional
inspection institution shall inspect according to the trade
technical regulations on computer safety
administration and
provide inspection report in reality, impersonality, equity and
integrity.
|
The
copy of inspection report of safeguard system of computer
information system shall be referred to
the municipal competent
authority for records by the professional inspection institution. |
Chapter
IV Computer
Information Safety and Administration of Injurious Data
|
Article
20
The computer application unit shall enact the
administration system of information safety and do safety audit of
information for preventing the information from increase, cut,
amendment or copy illegally.
Article
21 Any
information which is administrated and issued by the computer
application unit shall be reality,
integrity and reliability.
Article
22 The computer
application unit shall set up the data backup system of computer
information system and
to save the duplicate data according to the
trade technical regulations on computer safety administration.
Article
23 Any unit and
individual, who think that his (its) legal rights and interests
are infringed by the
computer information system, may complain to
the municipal competent authority or other relevant competent
authorities.
|
Any
complaint, from which may damage public safety for the municipal
competent authority or other
relevant competent authorities, shall
be investigated and verified. If existing hidden trouble of safety
of application unit, it shall be ordered to rectify.
Article 24 Any unit or individual shall not create,
proliferate intentionally a computer virus or other injurious
data, or conduct lectures or training about computer virus
mechanism. Any teaching unit shall not instruct means
of creating
a computer virus during teaching.
Article
25 The municipal
competent authority takes charge of promulgate important epidemic
situation of computer
virus. Any unit or individual shall not
issue epidemic situation of computer virus by any means.
Article 26 The
computer application unit shall execute the following duties in
administration of injurious data:
|
(1)
to establish and carry out special administration system of
computer virus or other injurious data;
|
(2)
to inspect computer virus or other injurious data before
using computer software and hardware;
|
(3)
to inspect computer virus and other injurious data
regularly and to eliminate immediately in the case of suspecting
computer virus or other injurious data;
|
(4)
to take protection measures and take samples to refer to
the municipal competent authority within 24 hours from suspecting
computer virus incapable of elimination;
|
(5)
to assist the municipal competent authority to investigate
the resource of computer virus.
|
Article
27 Any
product from any unit or individual which creates, sells, leases,
repairs or bestows commercially
all kinds of computer products,
shall be inspected and shall not bear computer virus and other
injurious
data.
|
Chapter
V Administration of
Public Order of Computer Information Network
|
Article
28 Any operating
unit of computer information network, who applies for doing
internet business, shall
apply to the competent authority of
internet connection unit or other competent authorities who are
entitled to accept the application for internet business for the
Permit for Internet Business;
Any service unit of computer information network , who
applies for doing internet business, shall subject to the approval
by the competent authority or other competent authorities who is
entitled to accept the application
for internet business. Any uses
of computer information system , who connects internet with
foreign
computer information system through physical communication
channel, shall file in table for records according to
the facts
within 30 days upon the date dredging network, changing network
means or terminating network
and shall handle procedures of
record, alternation or logoff in the municipal competent authority
under the assistance of the service unit or operating unit of
computer information network.
Article
29 Any
computer information system of application unit which connects
with internet, shall take safe
protection measures according to
the trade technical regulations.
Article 30 Any
unit using public account in connect with computer information
system network, shall establish
administration system of public
account use. The administration unit of operating and opening
computer
room shall set up the register and administration system
of user.
Article
31 Any unit and
individual shall not engage in following acts:
|
(1)
to create, spread and copy injurious information by making use of
computer information network;
(2) to invade into
computer information network illegally;
(3) to increase,
abridge , modify and disturb the function of computer information
system resulting
in interfering in normal operation of computer
information system in violation of the state regulations;
(4) to increase,
abridge, modify and copy the application procedure or data which
is saved, disposed
or transmitted in the computer information
system in violation of state regulations;
(5) to steal
information resource in computer information system illegally;
|
(6)
to consult email box of any other person without
authorization;
|
(7)
to send email of another as one' s own
|
(8)
to disturb computer information network intentionally ;
|
(9)
to do other acts damaging safety of computer information
system.
|
Article
32
The operation and service unit of computer information
network who takes charge of information safety and public order
safety of network concerned shall execute the following duties:
(1)
to enact safety administration system and to do safety instruction
for the network user concerned;
|
(2)
to carry out safety technology measures and to ensure the
operation safety of network concerned
and issued information
safety
(3)
to establish information auditing system of electronic
announcement system and to eliminate injurious
information with
reactionary or obscene contents;
(4) to reserve relevant auditing records and report to the
municipal competent authority immediately in the case of
suspecting circumstances of the
article 31in these regulations;
(5) to
assist the municipal competent authority to check and manage the
internet illegal acts.
Article
33 The municipal
competent authority shall monitor regularly the situation of
public order of computer
information network and settle any
incidents affecting public order immediately for maintain the
safety of public order of computer information network.
Chapter VI
Legal Responsibility
Article 34 Anyone,
who in violation of these regulations with one of the following
acts, shall be ordered to
rectify and may be fined not more than
10,000 yuan:
(1) where the
computer application unit fails to appoint the person liable for
computer safety or
equip with computer safety technician;
(2) where the
computer application unit fails to report to the municipal
competent authority within
24 hours upon the time suspecting
safety accident or computer crime in computer information system
of the unit concerned;
(3) where the
computer application unit uses the disqualified special product of
computer information
system safety;
(4) where the
computer application unit fails to establish the safeguard system
of computer information
system safety;
(5) where using the
computer information system without authorization which doesn' t
inspected or
isn' t up to the minimum safety requirement of the
technical regulations of computer safety administration of the
trade concerned after being inspected;
(6)
where the computer application unit
fails to inspect computer virus and other injurious data according
to regulations and result in damage;
(7)
where the unit using public account to connect the computer
information system network fails to establish administration
system of public account use.
(8)
Where the management unit of operating and opening computer
room fails to establish register and management system
of users;
(9)
Where the operating and service unit of computer
information network fails to establish the information audit
system of electronic announcement system;
(10)
Where the operating and service unit of computer
information network suspects the circumstances stipulated in
article 31 of these regulations but fails to reserve relevant
audit records or fail to report to the
municipal competent
authority,
Article
35 The person
liable for safety or the safety technician of the computer
application unit, who fails
to execute duties stipulated in these
regulations and resulting in safety accidents or serious damages,
shall be given a disciplinary warning by the municipal competent
authority and be imposed disciplinary or
economic punishment by
the unit concerned under the suggestion of the municipal
competent authority;
If the circumstances are serious, criminal
liability shall be pursued according to laws.
|
Article
36
Any professional inspection institution, who maks false
statement in inspection report in violation of these
regulations,shall be ordered to rectify by the municipal competent
authority; if the circumstances are
serious, it shall be cancelled
the inspection qualification. Any professional inspection
institution,
in violation of these regulations, failing to keep
commercial secret of computer application unit and resulting in
infringing its legal rights and interests, shall be bear the legal
liability and be cancelled inspection
qualification by the
municipal competent authority.
Article 37 Any
computer application unit that its information is increased,
abridged, modified or copied illegally
because of the faultiness
of safety administration system , if resulting in losses, shall be
given
a disciplinary warning.
|
Article
38
Anyone, who in violation of these regulations with one of the
following acts, shall be given a disciplinary
warning and also be
ordered to stop unlawful acts. The unit shall be fined not more
than 50,000 yuan
while the individual shall be fined not more than
5,000yuan; If there are illegal gains, a fine of not less than
the
amount of but not more than three times the illegal gains shall be
imposed; If the circumstances
are serious, criminal liability
shall be pursed according to law.
(1) to create,
proliferate intentionally a computer virus or other injurious data
(2)
to conduct lectures or training about
computer virus mechanism without authorization;
(3) to issue epidemic
situation of computer virus to society without authorization;
(4)
to create, sell, lease, repair or bestow commercially
computer products with computer virus and other injurious data.
Article
39 Anyone, who in
violation of the article 28 of these regulations, shall be given a
disciplinary warning
by the municipal competent authority and be
ordered to stop connecting internet; the operating or service unit
may also be fined not more than 15,000yuan and the user may also
be fined not more than 1,000yuan;
If there are illegal gains, a
fine of not less than the amount of but not more than three times
the
illegal gains shall be imposed.
Article
40 Anyone, who in
violation of the article 39 of these regulations, shall be given a
disciplinary warning
by the municipal competent authority; the
unit may also be fined not more than 50,000 yuan while the
individual may also be fined not more than 5,000 yuan; if there
are illegal gains, a fine of not less than the
amount of but not
more than three times the illegal gains shall be imposed.
Article 41 Where the computer information system of
application unit with fatal safety hidden trouble fails to rectify
within the time limit specified by the municipal competent
authority and may affect the safety of computer
information system
seriously if it continue to operate, the application unit shall be
ordered to
stop operation for rectification by the municipal
competent authority.
|
Chapter
VII Supplementary
Articles
Article
42
These
regulations shall come into force on the date of their
promulgation. |