Express service user information security system

Chapter 1 General Provisions

Article 1: In order to strengthen the security management of personal information of mail and delivery service users in the postal industry, protect the legitimate rights and interests of users, maintain postal communication and information security, and promote the healthy development of the postal industry, these regulations are formulated in accordance with the "Postal Law of the People's Republic of China", "Regulations of the Standing Committee of the National People's Congress on Strengthening Network Information Protection", "Postal Industry Safety Supervision and Management Measures" and other laws, administrative regulations and relevant regulations.

Article 2: These regulations shall apply to activities involving the security of users’ personal information and related supervision and management when operating and using mailing services within the territory of the People’s Republic of China.

Article 3: The personal information of users of delivery services (hereinafter referred to as user information of delivery services) as mentioned in these regulations refers to the personal information of users in the process of using delivery services, including the name of the sender (recipient), address, ID number, phone number, unit name, as well as delivery details, order number, time, item details, etc.

Article 4: The supervision and management of postal user information security adheres to the policy of safety first, prevention first, and comprehensive management to ensure the security of users’ personal information.

Article 5: The postal administration department of the State Council is responsible for the supervision and management of delivery user information security in the national postal industry.

The postal management agencies of provinces, autonomous regions, and municipalities directly under the Central Government are responsible for the supervision and management of postal user information security within their respective administrative regions.

Postal management agencies below the provincial level established in accordance with the provisions of the State Council are responsible for the supervision and management of postal user information security in their respective jurisdictions.

The postal administration department of the State Council, the postal administration agencies of provinces, autonomous regions, and municipalities directly under the Central Government, as well as the postal administration agencies below the provincial level, are collectively referred to as the postal administration departments.

Article 6: The postal management department shall cooperate with relevant departments to improve the security mechanism for postal user information and maintain the security of postal user information.

Article 7: Postal enterprises, express delivery enterprises and their employees shall abide by national regulations on information security management and these regulations to prevent the leakage and loss of delivery user information.

Chapter 2 General Provisions

Article 8: Postal enterprises and express delivery enterprises shall establish and improve delivery user information security systems and measures, clarify the security responsibilities of various departments and positions within the enterprise, and strengthen delivery user information security management and security responsibility assessment.

Article 9: Enterprises that operate express delivery services through franchises shall include in the franchise agreement a clause on the security of delivery user information to clarify the security responsibilities of the franchisor and the franchisee. When an information security incident occurs to a franchisee, the franchisee shall bear corresponding security management responsibilities in accordance with the law.

Article 10: Postal enterprises and express delivery enterprises shall sign confidentiality agreements for delivery user information with their employees, clarifying confidentiality obligations and liability for breach of contract.

Article 11 Postal enterprises and express delivery enterprises shall organize employees to conduct knowledge and skills training related to the security protection of user information, strengthen professional ethics education, and continuously improve the legal concepts and sense of responsibility of employees.

Article 12 Postal enterprises and express delivery enterprises shall establish a mechanism for handling complaints about delivery users’ information security, publish effective contact information, and accept and handle relevant complaints in a timely manner.

Article 13: Postal companies and express delivery companies that are entrusted by online shopping, TV shopping, mail order and other operators to provide delivery services shall include provisions on the security of delivery user information when signing an agreement with the entrusting party, clarifying the scope and methods of information use, security protection measures for information exchange, division of responsibilities for information leakage, etc.

Article 14: Postal and express delivery companies that entrust a third party to enter delivery user information shall confirm that the third party has the ability to ensure information security, and establish information security clauses to clearly define the division of responsibilities. If an information security incident occurs to a third party and results in the leakage or loss of delivery user information, postal and express delivery companies shall bear corresponding responsibilities in accordance with the law.

Article 15: Without explicit authorization by law or the written consent of the user, postal enterprises, express delivery enterprises and their employees shall not provide the delivery user information they possess to any unit or individual.

Article 16: The staff of the public security organs, national security organs or procuratorial organs shall access and inspect the physical and electronic information files of the delivery details in accordance with the procedures prescribed by law. Postal enterprises and express delivery enterprises shall cooperate and keep the relevant information confidential.

Article 17: Postal enterprises and express delivery enterprises shall establish an emergency response mechanism for delivery user information security. For sudden delivery user information security incidents, they shall take remedial measures immediately, report to the postal management department in accordance with regulations, and cooperate with the investigation and handling by the postal management department and relevant departments. Late reporting, omission, false reporting, or concealment of reporting is not allowed.

Chapter 3 Physical Information Security Management of Delivery Details Sheets

Article 18: Postal enterprises and express delivery companies shall strengthen the management of delivery details sheets, register the issuance of blank delivery details sheets, track the entire number segment, and form a tracking record.

Article 19: Postal enterprises and express delivery enterprises shall strengthen the management of business premises and processing sites, strictly prohibit irrelevant personnel from entering and exiting mail (express mail) processing and storage sites, and strictly prohibit unrelated personnel from contacting and browsing mail (express mail), to prevent the physical information of the delivery details form (hereinafter referred to as the physical information) from being leaked during processing.

Article 20 Postal and express delivery companies should optimize the delivery processing process and reduce the number of processing links and operators who are exposed to physical information.

Article 21: Postal enterprises and express delivery enterprises shall adopt effective technical means to prevent the leakage of physical information during the delivery process.

Article 22: Postal enterprises and express delivery enterprises shall be equipped with safety monitoring equipment that meets national standards, and arrange personnel with specialized technologies and skills to conduct security monitoring of physical information processing in the collection, sorting, transportation, delivery and other links.

Article 23 Postal enterprises and express delivery companies shall establish and improve the physical file management system for delivery details, implement centralized and closed management, determine centralized storage locations, and promptly collect and properly keep delivery details. The establishment or change of centralized storage locations must be reported to the local postal management department in a timely manner.

Article 24 Postal enterprises and express delivery enterprises shall set up dedicated personnel to manage the centralized storage location of physical files of delivery details, and take necessary safety protection measures to ensure storage safety.

Article 25 Postal enterprises and express delivery enterprises shall establish and strictly implement a physical file inquiry and management system for delivery details. When internal personnel need to access files for work, they should ensure that the files are intact and complete the access registration, and are not allowed to take them away from the storage place without permission.

Article 26: Physical files of delivery details shall be kept according to the period specified by relevant national standards. After the storage period expires, the enterprise shall conduct centralized destruction and keep records of destruction. Discarding or selling the files is strictly prohibited.

Article 27 Postal enterprises and express delivery enterprises shall conduct regular self-examinations on the security of physical information, record the self-inspections, and promptly eliminate information security risks discovered during self-examinations.

Chapter 4 Electronic Information Security Management of Delivery Details

Article 28: Postal enterprises and express delivery enterprises shall, in accordance with national regulations, strengthen the security management of information systems and network facilities related to user information of delivery services.

Article 29: The network architecture of the information system of postal enterprises and express delivery enterprises shall comply with national information security management regulations, reasonably divide security areas, achieve effective isolation between security areas, and have the ability to prevent, monitor and block damage from internal and external cyberattacks.

Article 30: Postal enterprises and express delivery enterprises shall be equipped with necessary anti-virus software and hardware to ensure that information systems and networks have the ability to prevent computer viruses, prevent malicious codes from damaging information systems and networks, and avoid information being leaked or tampered with.

Article 31: When building information systems and networks, postal enterprises and express delivery enterprises shall avoid using default passwords and security parameters provided by information system and network suppliers, adopt encryption measures for delivery user information transmitted through open public networks, and strictly review and monitor remote access to information systems and network equipment.

Article 32: When purchasing computer software, hardware products or technical services, postal enterprises and express delivery enterprises shall sign confidentiality agreements with suppliers to clarify their security responsibilities and their obligation to cooperate with investigations by the postal management department and relevant departments in the event of information security incidents.

Article 33: Postal enterprises and express delivery enterprises shall establish an internal audit system for information system security, conduct regular internal audits, and promptly rectify problems discovered.

Article 34: Postal enterprises and express delivery enterprises shall strengthen the permission management of information systems and networks, and, based on the principles of permission minimization and permission separation, allocate to employees the minimum operating permissions and the minimum accessible information range that meet work needs.

Postal enterprises and express delivery enterprises should strengthen the management of information systems and databases, so that network managers only have the authority to operate, maintain and optimize information systems, databases, and networks. Maintenance operations by network managers must be authorized by the security administrator and monitored and audited by security auditors.

Article 35: Postal enterprises and express delivery enterprises shall strengthen password management of information systems, use high-security password strategies, change passwords regularly, and prohibit the disclosure of passwords to irrelevant personnel.

Article 36 Postal enterprises and express delivery companies shall strengthen the storage security management of electronic information of delivery users, including:

(1) Use independent physical areas to store delivery user information, and prohibit unauthorized personnel from entering and exiting the area;

(2) Use encrypted methods to store delivery user information;

(3) Ensure the safe use, safekeeping and disposal of computers, mobile devices and removable storage media that store delivery user information. Clarify the person in charge of managing data storage equipment and media, establish a registration system for the use and borrowing of equipment and media, and restrict the use of equipment output interfaces. If storage equipment and media are scrapped, the delivery user information and data in them should be deleted promptly, and the hardware should be destroyed.

Article 37: Postal enterprises and express delivery enterprises shall strengthen the application security management of delivery user information, review all operations of batch export, copying, and destruction of user personal information, and adopt anti-leakage measures. At the same time, they shall record the personnel, time, place and matters of the operation and retain them as the basis for information security audit.

Article 38: Postal enterprises and express delivery enterprises shall strengthen information security audits of employees who have left their jobs, and promptly delete or disable system accounts of employees who have left their jobs.

Article 39: Postal enterprises and express delivery enterprises shall formulate technical rules for the secure interconnection of information systems between the enterprise and relevant market entities, conduct access reviews of information systems that store delivery service information, and conduct regular security risk assessments.

Chapter 5 Supervision and Management

Article 40 The postal management department shall perform the following duties in accordance with the law:

(1) Formulate policies to ensure the security of mailing user information, systems and related standards, and supervise their implementation;

(2) Supervise and guide postal enterprises and express delivery enterprises to implement information security responsibility systems, and urge enterprises to strengthen delivery user information security management;

(3) Monitoring, early warning and emergency management of delivery user information security;

(4) Supervise and guide postal enterprises and express delivery companies to carry out publicity, education and training on delivery user information security;

(5) Implement supervision and inspection of delivery user information security on postal enterprises and express delivery companies in accordance with the law;

(6) Organize investigations or participate in investigations of delivery user information security incidents, and investigate and punish violations of delivery user information security management regulations in accordance with the law;

(7) Other duties stipulated in laws, administrative regulations and rules.

Article 41: The postal management department shall strengthen the publicity of the information security management system and knowledge of delivery users in the postal industry, strengthen the information security management awareness of postal enterprises, express delivery enterprises and their employees, and improve users’ understanding of personal information security protection.

Article 42: The postal management department shall strengthen the monitoring and early warning of the security operation of delivery user information in the postal industry, establish an information management system, and collect and analyze various types of information related to information security.

The postal management department at the lower level shall promptly report the information security situation of delivery users in the postal industry to the postal management department at the higher level, and notify industry and informatization, communications management, public security, national security, commerce, industrial and commercial administration and other relevant departments as necessary.

Article 43: The postal management department shall inspect the establishment and implementation of delivery user information security management systems by postal enterprises and express delivery enterprises, standardize the information security protection behavior of employees, and prevent information security risks.

Article 44: If the postal management department discovers that postal enterprises or express delivery enterprises have violated the regulations on the security management of delivery users' information and have hindered or may hinder the security of delivery users' information, they shall investigate and deal with it in accordance with the law. If illegal acts involve the management powers of other departments, the postal management department shall work with relevant departments to investigate and deal with the postal and express delivery companies involved.

Article 45: The postal management department shall strengthen supervision and inspection of postal enterprises, express delivery enterprises and their employees' compliance with these regulations.

Article 46: Postal enterprises and express delivery enterprises that refuse to cooperate with the supervision and inspection of delivery users’ information security shall be punished in accordance with the provisions of Article 77 of the Postal Law of the People’s Republic of China.

Article 47: Postal enterprises, express delivery enterprises and their employees who cause losses to users by leaking delivery user information shall compensate them in accordance with the law.

Article 48: If postal enterprises, express delivery enterprises and their employees illegally provide delivery user information and it does not constitute a crime, they shall be punished in accordance with the provisions of Article 76 of the "Postal Law of the People's Republic of China". If a crime is constituted, the case shall be transferred to judicial organs for criminal liability.

Article 49: Any unit or individual has the right to report violations of these regulations to the postal management department. After receiving the report, the postal management department shall promptly handle it in accordance with the law.

Article 50: The postal management department may notify postal and express delivery companies within the industry of violations of delivery user information security management regulations, information security incidents, and the handling of relevant responsible personnel. The above information may be released to the public when necessary, except when it involves state secrets, business secrets and personal privacy.

Article 51 Postal management departments and their staff shall keep confidential the delivery user information that they learn in the course of performing their duties, and shall not leak, tamper with or destroy it, sell it or illegally provide it to others.

Article 52: Postal management department staff who abuse their power, neglect their duties, or engage in malpractice for personal gain in the supervision and management of user information security shall be dealt with in accordance with the provisions of Article 55 of the "Postal Industry Safety Supervision and Management Measures".