Employee Information Security Behavior Norms (Chinese-English bilingual edition)
1. Purpose
The "Employee Information Security Behavior Norms" establish actionable rules for employees' day-to-day conduct, so as to support the achievement of the company's information security objectives.
2. Scope of application
This policy applies primarily to all departments and, where necessary, to relevant external personnel (integrators, software developers, product suppliers, consultants, business partners, temporary workers, customers, and other third-party organizations or individuals associated with the company). All of the above must comply with these behavior norms whenever they use company information or access company information systems.
2.1. Responsibilities
HR department
Formulate and revise these employee behavior norms according to the actual state of the company's security management.
HR department, IT department and administration department
Supervise and audit the implementation of these norms.
All staff (including temporary staff and relevant external personnel)
Comply with these behavior norms and report any violation discovered.
3. Terms and definitions
4. Relevant / supporting documents
• "Manual of Information Safety"
• "Classification and Management Guideline of Confidential Information"
• "Authority Management Procedure of User"
• "Safe Management Standard in Office"
5. Record management
Record | Retention period | Location | Responsible person
6. Content of the norms
6.1. Management of confidential information
Label and protect the information you use, keep, or create in accordance with the "Classification and Management Guideline of Confidential Information".
Anyone who needs to access information classified Secret or above for work must apply to the head of their department or to the information owner; applications for access rights follow the "Authority Management Procedure of User".
6.2. Office premises access control
Follow the "Safe Management Standard in Office".
6.3. Security management of portable computing equipment
Only approved portable computing equipment may be connected to the company office network;
Without authorization, laptops that do not belong to the company must not be used inside the company;
While connected to the company office network, do not connect to any third-party network without authorization;
Loss or theft of portable computing equipment must be reported promptly;
Without authorization, customer data and unencrypted information classified Secret or above must not be stored on portable computing equipment.
6.4. Email management
Without authorization, do not send code or data by email, and never send company code or data to external recipients;
Personal mailboxes and external public mailboxes must not be used within the company;
The company mailbox may be used only for company purposes, and the company reserves the right to monitor the content sent;
Confidential information sent by email must comply with the relevant provisions of the "Classification and Management Guideline of Confidential Information";
Do not use the company mailbox to send or forward false, pornographic, or subversive content;
Do not use the company mailbox to send or forward material promoting personal political views or religious beliefs;
Do not use the company mailbox to send or forward spam;
Do not use the company mailbox to send or forward chain messages (threats, greetings, and the like that prompt onward forwarding);
Email attachments must not exceed 20M in size;
Do not send or forward messages that may contain a computer virus;
Do not open email from unknown sources or execute its attachments;
Every email must have a clear subject line, and before sending, confirm once more that everyone on the recipient list actually needs to receive it.
6.5. Internet access management
Employees on the office network segment may be granted Internet browsing rights according to business need;
Internet service within the company may be used only for work purposes, and the company reserves the right to monitor employees' Internet activity;
Do not use the company's Internet access to send or forward false, pornographic, or subversive content;
Do not use the company's Internet access to send or forward material promoting personal political views or religious beliefs;
Do not upload company information classified Internal or above to public forums, FTP sites, or other public resource services;
All sensitive information sent over the Internet must have a clearly identified recipient and be necessary for company business, and must comply with the relevant provisions of the "Classification and Management Guideline of Confidential Information";
6.6. User account and password management
Personal accounts and passwords must not be lent or transferred to others;
Users must change their password on first login;
Passwords for company system accounts must be changed every 3 months; accounts and passwords provided by customers follow the customer's rules, and where the customer has no rule, they should be changed every 3 months where feasible;
The minimum length of all account passwords within the company is 6 characters; accounts and passwords provided by customers follow the customer's rules, and where the customer has no rule, the minimum password length should be 6 characters where feasible;
Passwords must contain a combination of letters and digits, and must not be anything easily associated with the account owner, such as the user name, a nickname, a relative's name, or a birthday;
Passwords must not be stored on a computer in plain text; if a password must be saved, it must be saved in encrypted form;
A user's account password must never be disclosed to anyone;
When logging in to the company network from a public computer, do not enable the automatic save account/password function;
Do not store accounts or passwords on home computers.
An employee who has forgotten their password must inform their department supervisor before asking the IT department for a reset; the IT department resets the password only after confirming with the supervisor of the user's department.
6.7. Anti-virus management
All WINDOWS platform computers (PCs and servers) connected to the company network must have anti-virus software installed;
Anti-virus software must not be disabled or bypassed;
Do not change the settings of the client anti-virus software (update settings, protection settings, automatic scan settings, etc.) without authorization;
Any virus that the anti-virus software cannot remove automatically and that causes a security incident must be reported to the IT department;
If the virus definition database is found to be more than one month out of date, update it promptly and report to the IT department.
Install system patches regularly, and make the appropriate backups before installing them.
6.8. Removable media security management
Private removable media such as USB flash drives and portable hard disks must not be used within the company; removable media issued by the company for work (USB flash drives, portable hard disks) may be used only for work purposes;
6.9. Screen saver settings
Desktop systems must enable a screen saver, with a timeout of 5 minutes;
6.10. Other security management
Do not install software outside the company-approved range on PCs or laptops without authorization;
Do not open computer cases without authorization;
Do not change any prescribed security or network settings without authorization;
Do not attempt to crack the passwords of network, system, or terminal administrators or of other users;
Do not attempt network or port scanning without authorization;
Do not share information classified Secret or above through personal PC file sharing.
Staff should keep a clean desk, and sensitive information must be locked away when unattended.
2012.12.23