員工信息安全行為規范翻譯-中英 Behavior norm of staff information safety Edition record 版本Edition 變更理由 Alteration reason 編寫 Audit 發布日期 Date issued 生效日期Effective date 1.0 版本建立 批準人（簽名）： Approved by (Sign): 日期: Date: 員工信息安全行為規范Behavior specification of staff information safety 1. 目的Purpose 通過《員工信息安全行為規范》，建立員工日常行為的可操作性規范，以促進公司信息安全目標的的實現。Regulation of “Behavior norm of staff information safety” set up daily effective norm of staff behavior, so as to promote the realization information safety of company. 2. 適用范圍Scope of application 本方針的適用對象主要包括所有部門，必要時還包括相關的外部人員（與公司有關的集成商、軟件開發商、產品提供商、顧問、商業合作伙伴、臨時工作人員和客戶以及其他第三方機構或人員等）。上述對象在利用公司的信息或接入公司信息系統時，均必須遵守該行為規范。The application scope of this guiding principle includes all departments; it also includes relevant external personnel in case of necessity (Integration supplier, software developer, products manufacturer, advisor, commercial cooperative partner, interim staff member and customer and other third party's organization or personnel of company). Above-mentioned parties shall observe this behavior norm while utilizing information of the company or access company's information system, 2.1. 職責Duty  HR部HR department 根據公司安全管理的實際情況，制定/修訂本員工行為規范；According to the actual conditions of company's safety management, formulate / revise the edition of behavior norms of staff;  HR部、IT部及行政部HR department, IT department and administration department 監督和檢查本規范的執行。Supervise and check the execution of this normal.  所有員工（包括臨時員工及相關的外部人員）：All staff (include interim staff and relevant external personnel): 遵守該行為規范，并報告發現的任何違規行為Observe this behavior norm, and report any unlawful practice found 3. 術語和定義Terms and definitions 4. 相關/支持性文件Relevant / supporting document • 《信息安全手冊》“Manual of information safety” • 《信息密級分類及管理指南》“Classification and management guideline of confidential information” • 《用戶權限管理程序》“Authority management procedure of user” • 《辦公場所安全管理規范》“Safe management standard in office” 5. 記錄管理Record management 記錄 Record 保存期限Storage period 位置 Position 責任人 Person liable 6. 規范內容Regulation content 6.1. 保密信息管理Management of confidential information  根據《信息密級分類及管理指南》的相關規定標識和保護所使用、保管和建立的信息。In accordance with the regulation of relevant fixed identification and protection, store and formulation information of “Classification and management guideline of confidential information”.  因工作需要訪問密級為秘密及以上信息的，需要向本部門負責人或信息所有者提出申請，有關權限的申請，遵循《用戶權限管理程序》。Visit confidential information in need of work shall submit an application to the department head or the information owner; as for the application of the authority shall observe the regulation of “Authority management procedure of user”. 6.2. 辦公場所出入管理The entry and exit management of office building  遵循《辦公場所安全管理規范》。Observe the regulation of “Safe management standard in office”. 6.3. 便攜式計算機設備安全管理Safety management of the equipment of portable computer  只有被批準的便攜式計算機設備才能允許接入公司辦公網絡；Only the portable computer equipment with authorization may access to the network of official business of company;  未經授權，不得在公司內部使用非公司筆記本電腦；Without permission , it is prohibited to use the notebook computer not to use inside the company;  在使用公司辦公網絡的同時，未經授權，不得連接第三方網絡；While accessing official network of company, it is prohibited to access to network of the third party without permission;  便攜式計算機設備丟失或被竊應及時報告；Report in time while the portable computer equipment is lost or stolen;  未經授權，便攜式計算機設備內禁止存放客戶數據以及未加密的秘密以上信息。Without permission, it is prohibited to store customer's data and unencrypted information in the portable computer. 6.4. EMAIL管理EMAIL management  未經授權禁止使用郵箱發送代碼及數據，禁止向外部發送公司代碼及數據；It is prohibited to send the code and data without permission with E-mail; it is prohibited to send company's code and data to the outside;  禁止在公司內使用個人信箱和外部公用信箱；It is prohibited to use the personal mailbox and outside public mailbox in company;  公司信箱只能用于公司目的，公司有權對所發送的內容進行監控；The company mailbox can only be used in company's purpose , the company has the right to supervise the content;  通過EMAIL發送保密信息必須遵循《信息密級分類及管理指南》的相關規定；The confidential information send through EMAIL shall follow relevant regulation on “Classification and management guideline of confidential information”;  禁止利用公司郵箱發送或者轉發虛假、黃色、反動信息；It is prohibited to use the company postbox to send or transmit false, obscene, reactionary information;  禁止利用公司郵箱發送或者轉發宣揚個人政治傾向或者宗教信仰；It is prohibited to use the company postbox to send or transmit and advocate personal political orientation or religious belief;  禁止利用公司郵箱發送或者轉發發送垃圾信息；It is prohibited to use the company postbox to send or transmit and send the rubbish information;  禁止利用公司郵箱發送或者轉發能夠引起連鎖發送的恐嚇、祝賀等信息；It is prohibited to use the company postbox to send or transmitting the threatening and congratulating information that can cause the chain reaction;  Email發送的附件大小不能超過20M；The size of the enclosure of Email shall not exceed 20M ; 武漢翻譯公司 2013.12.7