Notice by the General Office of the China Banking and Insurance Regulatory Commission of Conducting Special Campaign of Cybersecurity in the Banking and Insurance Industries [Effective]

(No. 129 [2019] of the General Office of the China Banking and Insurance Regulatory Commission) (银保监办发〔2019〕129号)

All local offices of the China Banking and Insurance Regulatory Commission (“CBIRC”); all policy banks, large-scale banks, and joint-stock banks; Postal Savings Bank of China; foreign-funded banks; financial assets management companies; all insurance group (holding) companies, insurance companies, and insurance assets management companies; and other financial institutions under the CBIRC:
For the purposes of thoroughly implementing the spirit of the central government's instructions on cybersecurity work and the spirit of the National Banking and Insurance Industry Supervision and Administration Work Meetings in 2019, strengthening the prevention of major cybersecurity risks, effectively completing the cybersecurity assurance work for the celebration of the 70th Anniversary of the Founding of the People's Republic of China (hereinafter referred to as the “70th Anniversary”), and comprehensively enhancing the cybersecurity risk response capacity of the banking and insurance industries, the CBIRC has decided to organize and carry out a special campaign of cybersecurity in the banking and insurance industries. You are hereby notified of the relevant matters as follows:
I. Overall work requirements
1. Establishing and implementing the cybersecurity responsibility system. All banking and insurance institutions shall effectively assume the primary responsibility for preventing cybersecurity risks, strengthen top-level design and overall planning, and incorporate cybersecurity into their development strategies and major work items. Each institution shall establish its own cybersecurity responsibility system. The person in charge of the institution shall be the first responsible person for cybersecurity, and the senior executive in charge of cybersecurity shall be the directly responsible person. An internal accountability and assessment system for cybersecurity shall be established, the assessment indicators for responsible persons shall be specified, and responsibilities shall be firmly assigned, to ensure that cybersecurity responsibilities are implemented level by level. The information security organizational structure shall be improved, and the security management rules and processes shall be optimized. The risk management and auditing departments shall give full play to their role in cybersecurity risk assessment and supervision, and strengthen risk warnings and the supervision of problem rectification.
2. Strengthening the security governance of key fields. First, the construction of a security operations system shall be strengthened. A security operations team shall be established, the operation mechanism shall be improved, and the foundation of cybersecurity risk monitoring, security analysis, security incident management, and security emergency response capabilities shall be consolidated. Early warning, assessment, and rapid disposal of system operation risks, cybersecurity incidents, and abnormal trading behaviors shall be strengthened, the defense-in-depth system for cybersecurity shall be improved, and the system's capacity to withstand internal and external attacks and sabotage shall be improved. Second, the protection of customer information shall be strengthened. Data security classification and grading standards shall be developed, and a protection system covering the full life cycle of customer information shall be established, to prevent data from being stolen. Data access authorization and auditing shall be strictly implemented, and risks such as unauthorized access and abnormal outbound transfer of large volumes of data shall be handled in a timely manner. The security management of data interaction with third-party institutions shall be strengthened, specifications for the security of data exchange shall be developed, and the “minimized” access principle shall be followed, to ensure that customers' sensitive information is not provided or disclosed to cooperative institutions. Third, specifications for the security management of partners and external platforms under the open banking system shall be established, strict access standards for external apps shall be developed, and the admission assessment of cooperative institutions shall be strengthened. Under the principle of “minimizing” open services, the security management of open banking interfaces shall be strengthened, the degree of coupling between the banking system and third-party platforms shall be reduced, and emergency isolation shall be effectively conducted, to reduce the impact of risks derived from partners. Fourth, mechanisms for the security assessment and admission of newly introduced technologies and of open source technology applications shall be established, risk monitoring and disposal for scientific and technological innovation and the application of new technologies shall be strengthened, business process design flaws shall be investigated in depth, and the linkage between cybersecurity risk monitoring and the development process shall be advanced, to prevent cybersecurity management and control standards from being lowered due to business innovation.
......

  Translations are by lawinfochina.com, and we retain exclusive copyright over content found on our website except for content we publish as authorized by respective copyright owners or content that is publicly available from government sources.

Due to differences in language, legal systems, and culture, English translations of Chinese law are for reference purposes only. Please use the official Chinese-language versions as the final authority. Lawinfochina.com and its staff will not be directly or indirectly liable for use of materials found on this website.
