Notice of the Guangdong Provincial People's Government on Printing and Distributing the Interim Measures for the Information Security Management of E-government in Guangdong Province

Article 1 In order to promote the development of e-government in our province and ensure the healthy operation of e-government in our province, these measures are formulated according to the guidance of the National Leading Group for E-government Construction and the actual situation in our province. ? Article 2 E-government information security work shall follow the principles of paying attention to practical results, promoting development, strengthening management and actively preventing. ? Article 3 The Office of the Provincial Informatization Leading Group shall, according to the decision of the Provincial Informatization Leading Group, be responsible for organizing and coordinating the e-government information security work in the whole province, and inspecting and supervising the implementation. The relevant departments of the province are responsible for the specific work of e-government information security according to their respective functions. The municipal e-government department is responsible for the information security of e-government in this Municipality. Article 4 The provincial e-government information security working group is led by the office of the provincial informatization leading group and composed of the provincial information industry department, the secrecy bureau, the public security department and the science and technology department. It is responsible for formulating the province's e-government information security strategy and work norms, and establishing the province's e-government information security risk assessment system. All units should formulate their own e-government information security measures, conduct regular security risk assessment, implement the information security responsibility system, establish and improve information security rules and regulations, and report them to the competent e-government department at the same level for the record in June each year. ? Article 5 The e-government network consists of a physically separated government internal network and a government external network. E-government intranet is the office private network of government departments, connecting four provincial teams and provincial departments. The information security management of e-government intranet should strictly implement the relevant provisions of the state. ? Article 6 E-government extranet is a special business network of the government. To build a unified e-government extranet in the whole province, all professional service business systems that do not involve state secrets and face the society and business systems that do not need to run on the intranet must be accessed or built on the e-government extranet, and information security measures required by the e-government extranet should be taken. ? Seventh e-government extranet must be logically isolated from the Internet and other public information networks. The province unified management of e-government extranet international Internet export. Any e-government application system that accesses the e-government extranet shall not access the Internet without authorization. Government websites running on the Internet must take necessary information security measures before they can access the e-government extranet. ? Eighth in the e-government extranet to establish a unified digital certificate authentication system, the establishment of e-government security trust mechanism and authorization management mechanism. The digital certificate issued by the provincial e-government certification center must be used in the application system that accesses the e-government extranet. Municipalities can directly use the digital certificate registration service provided by the provincial e-government certification center, or establish a digital certificate registration service center in this city according to the actual application, and be responsible for the digital certificate registration within this city. ? Ninth levels of e-government extranet network management units responsible for the level of e-government extranet public security work, the establishment of information network security responsibility system. It is necessary to conduct real-time monitoring of the external network managed at the same level, conduct regular safety performance testing, and regularly inform the competent department of network security status information to provide security early warning services for its network users. ? Tenth e-government extranet should establish emergency response and disaster recovery mechanism. Emergency support center and data disaster backup center shall formulate data backup system, formulate accident emergency response and safeguard measures, formulate data disaster recovery strategy and disaster recovery plan, and report to the competent department of e-government information security at the same level for the record. The main databases and important basic databases of the province's e-government application system must be backed up in different places in the emergency support center and the data disaster backup center. ? Article 11 All units shall determine the security level of their e-government application systems in accordance with the national protection standards for information security protection levels, and carry out security construction, security management and border protection in accordance with the protection standards. Each unit is responsible for the safety work before the application system of the unit is connected to the e-government extranet, and cooperates with the network management unit to carry out network security management and inspection. ? Twelfth units should be clear about the standard process of information collection, release and maintenance, to ensure that the data information of its e-government application system is true, accurate, safe and reliable. All units shall, in accordance with the principle of "whoever goes online is responsible", ensure that the data and information they run on the e-government extranet are true and reliable, and shall not involve state secrets. ? Thirteenth units of e-government application system to establish access control mechanism of data information, according to the importance of data information, access and storage levels, set access and storage rights, to prevent unauthorized access to data information. ? Fourteenth units of the e-government application system to establish information audit tracking mechanism, every time users access the system, as well as system errors and configuration changes and other information should be recorded in detail. ? Fifteenth units of e-government application system should establish a computer virus prevention mechanism, and regularly carry out the testing of anti-virus software approved by the relevant state departments. ? Sixteenth units shall, according to the national standards such as "Computer Website Safety Requirements" and "Computer Website Technical Requirements", carry out the safety construction and management of the websites and facilities of their e-government application systems.