員工信息安全行為規(guī)范-中英對照

Behavior specification of staff information safety
1. 目的Purpose
通過《員工信息安全行為規(guī)范》，建立員工日常行為的可操作性規(guī)范，以促進公司信息安全目標的的實現(xiàn)。Regulation of “Behavior norm of staff information safety” set up daily effective norm of staff behavior, so as to promote the realization information safety of company.
2. 適用范圍Scope of application
本方針的適用對象主要包括所有部門，必要時還包括相關(guān)的外部人員（與公司有關(guān)的集成商、軟件開發(fā)商、產(chǎn)品提供商、顧問、商業(yè)合作伙伴、臨時工作人員和客戶以及其他第三方機構(gòu)或人員等）。上述對象在利用公司的信息或接入公司信息系統(tǒng)時，均必須遵守該行為規(guī)范。The application scope of this guiding principle includes all departments; it also includes relevant external personnel in case of necessity (Integration supplier, software developer, products manufacturer, advisor, commercial cooperative partner, interim staff member and customer and other third party's organization or personnel of company). Above-mentioned parties shall observe this behavior norm while utilizing information of the company or access company's information system,
2.1. 職責(zé)Duty
 HR部HR department
根據(jù)公司安全管理的實際情況，制定/修訂本員工行為規(guī)范；According to the actual conditions of company's safety management, formulate / revise the edition of behavior norms of staff;
 HR部、IT部及行政部HR department, IT department and administration department
監(jiān)督和檢查本規(guī)范的執(zhí)行。Supervise and check the execution of this normal.
 所有員工（包括臨時員工及相關(guān)的外部人員）：All staff (include interim staff and relevant external personnel):
遵守該行為規(guī)范，并報告發(fā)現(xiàn)的任何違規(guī)行為Observe this behavior norm, and report any unlawful practice found
3. 術(shù)語和定義Terms and definitions
4. 相關(guān)/支持性文件Relevant / supporting document
• 《信息安全手冊》“Manual of information  safety”
• 《信息密級分類及管理指南》“Classification and management guideline of confidential information”
• 《用戶權(quán)限管理程序》“Authority management procedure of user”
• 《辦公場所安全管理規(guī)范》“Safe management standard in office”
5. 記錄管理Record management
記錄
Record 保存期限Storage period 位置
Position 責(zé)任人
Person liable
   
6. 規(guī)范內(nèi)容Regulation content
6.1. 保密信息管理Management of confidential information
 根據(jù)《信息密級分類及管理指南》的相關(guān)規(guī)定標識和保護所使用、保管和建立的信息。In accordance with the regulation of relevant fixed identification and protection, store and formulation information of “Classification and management guideline of confidential information”.
 因工作需要訪問密級為秘密及以上信息的，需要向本部門負責(zé)人或信息所有者提出申請，有關(guān)權(quán)限的申請，遵循《用戶權(quán)限管理程序》。Visit confidential information in need of work shall submit an application to the department head or the information owner; as for the application of the authority shall observe the regulation of “Authority management procedure of user”.
6.2. 辦公場所出入管理The entry and exit management of office building
 遵循《辦公場所安全管理規(guī)范》。Observe the regulation of “Safe management standard in office”.
6.3. 便攜式計算機設(shè)備安全管理Safety management of the equipment of portable computer
 只有被批準的便攜式計算機設(shè)備才能允許接入公司辦公網(wǎng)絡(luò)；Only the portable computer equipment with authorization may access to the network of official business of company;
 未經(jīng)授權(quán)，不得在公司內(nèi)部使用非公司筆記本電腦；Without permission , it is prohibited to use the notebook computer not to use inside the company;
 在使用公司辦公網(wǎng)絡(luò)的同時，未經(jīng)授權(quán)，不得連接第三方網(wǎng)絡(luò)；While accessing official network of company, it is prohibited to access to network of the third party without permission;
 便攜式計算機設(shè)備丟失或被竊應(yīng)及時報告；Report in time while the portable computer equipment is lost or stolen;
 未經(jīng)授權(quán)，便攜式計算機設(shè)備內(nèi)禁止存放客戶數(shù)據(jù)以及未加密的秘密以上信息。Without permission, it is prohibited to store customer's data and unencrypted information in the portable computer.
6.4. EMAIL管理EMAIL management
 未經(jīng)授權(quán)禁止使用郵箱發(fā)送代碼及數(shù)據(jù)，禁止向外部發(fā)送公司代碼及數(shù)據(jù)；It is prohibited to send the code and data without permission with E-mail; it is prohibited to send company's code and data to the outside;
 禁止在公司內(nèi)使用個人信箱和外部公用信箱；It is prohibited to use the personal mailbox and outside public mailbox in company;
 公司信箱只能用于公司目的，公司有權(quán)對所發(fā)送的內(nèi)容進行監(jiān)控；The company mailbox can only be used in company's purpose , the company has the right to supervise the content;
 通過EMAIL發(fā)送保密信息必須遵循《信息密級分類及管理指南》的相關(guān)規(guī)定；The confidential information send through EMAIL shall follow relevant regulation on “Classification and management guideline of confidential information”;
 禁止利用公司郵箱發(fā)送或者轉(zhuǎn)發(fā)虛假、黃色、反動信息；It is prohibited to use the company postbox to send or transmit false, obscene, reactionary information;
 禁止利用公司郵箱發(fā)送或者轉(zhuǎn)發(fā)宣揚個人政治傾向或者宗教信仰；It is prohibited to use the company postbox to send or transmit and advocate personal political orientation or religious belief;
 禁止利用公司郵箱發(fā)送或者轉(zhuǎn)發(fā)發(fā)送垃圾信息；It is prohibited to use the company postbox to send or transmit and send the rubbish information;
 禁止利用公司郵箱發(fā)送或者轉(zhuǎn)發(fā)能夠引起連鎖發(fā)送的恐嚇、祝賀等信息；It is prohibited to use the company postbox to send or transmitting the threatening and congratulating information that can cause the chain reaction;
  Email發(fā)送的附件大小不能超過20M；The size of the enclosure of Email shall not exceed 20M ;
 禁止發(fā)送或者轉(zhuǎn)發(fā)可能有計算機病毒的信息；It is prohibited to send or transmit the information with computer virus;
 禁止打開來路不明的郵件并執(zhí)行附件；It is prohibited to open the unknown mail and carry out the enclosure ;
  發(fā)送Email必須有清楚的主題，發(fā)送前再次確認收件人列表內(nèi)的人員都是必需的。It is required to clear themes of Email; confirm personnel in the addressee again before sending shall be essential.
6.5. Internet 接入管理Internet accessing management
 辦公網(wǎng)段的員工，根據(jù)業(yè)務(wù)需要可以開放Internet瀏覽權(quán)限；Staff of official business network may open Internet browse authority according to the requirement of business;
 公司內(nèi)的Internet 服務(wù)，只能用于工作目的，公司有權(quán)對員工的Internet上的行為進行監(jiān)控；Internet service in the company can only be used in working purpose; the company has the right to control the behavior of staff on Internet;
 禁止利用公司Internet接入服務(wù)，發(fā)送或者轉(zhuǎn)發(fā)虛假、黃色、反動信息；It is prohibited to send or transmit false, obscene, reactionary information with  access service of Internet in company;
 禁止利用公司Internet接入服務(wù)發(fā)送或者轉(zhuǎn)發(fā)宣揚個人政治傾向或者宗教信仰；It is prohibited to send or transmit and advocate personal political orientation or religious belief with  access service of Internet in company;
 禁止將公司內(nèi)部及以上保密信息上傳到公眾論壇、FTP等公共資源服務(wù)；It is prohibited to upload confidential information of company to public resources, such as public forum and FTP, etc.
 所有通過Internet 發(fā)送的敏感信息都必須有明確的接收人，而且是公司業(yè)務(wù)所必需的；并且遵循《信息密級分類及管理指南》的相關(guān)規(guī)定；All sensitive messages sent through Internet shall have clear receiving personal, and be essential to company business; it is required to observe the relevant regulation of “Classification and management guideline of confidential information”;
6.6. 用戶賬號及口令管理Account number and password management of user
 不得將個人賬戶/口令借/轉(zhuǎn)他人使用；It is prohibited to reveal the personal account / password to others;
 用戶首次登陸時，用戶必須更改口令；Users shall alter password for the first registration ;
 公司系統(tǒng)帳號的口令必需每3個月更改；客戶提供的帳號和口令遵從其規(guī)定的；客戶沒有規(guī)定的，在可行時，應(yīng)每3個月更改；The password of account number of company system shall be altered every 3 months; Comply with the regulation of account number and password of customer; the regulation does not specified, if it is applicable, shall be altered every 3 months ;
 公司內(nèi)所有帳號口令的最小長度為6位長度；客戶提供的帳號和口令遵從有規(guī)定的，客戶沒有規(guī)定的，在可行時，最小口令應(yīng)為6位；The minimum length of all account number and passwords of company shall be 6 digits; Comply with the regulation of account number and password of customer; the regulation does not specified, if it is applicable, the minimum password should be 6 digits;
 口令必須包含字母和數(shù)字字符的組合；不得是可以輕易聯(lián)想到的帳號所有者的特性，如用戶名、綽號、親屬的姓名、生日等；The password must include the combination of letters and digital character; the password shall not be easily associated with the characteristic of the account number owner, for instance the names of user name, nickname, relative and birthday, etc.;
 不得以明文方式將口令保存在電腦內(nèi)，如果需要保存密碼，必須以加密方式保存；It is prohibited to  keep the password in the computer in way of proclaimed in writing , if is is required to keep the password, keep by encrypting pattern;
 用戶的帳號口令必須不能泄露給任何人；Users' account number password shall not revealed to anyone;
 禁止在使用公共電腦登陸公司網(wǎng)絡(luò)時啟用自動保存賬號/口令功能；It is prohibited to launch the function of automatic storage of account number / password while using the public computer to access company's network;
 禁止將賬號、密碼保存在家用電腦中。It is prohibited to store account number and password in the personal computer.
 員工忘記密碼，要求IT部重設(shè)密碼前，應(yīng)告知部門主管。IT部與用戶所在部門主管確認后， 重設(shè)密碼。If the staff forgets the password, before asking IT department to reset the password, it is required to report the supervisor of the department. After confirmation of IT supervisor of the department, IT department may reset the password.
6.7. 防病毒管理Anti-virus management
 所有連接到公司網(wǎng)絡(luò)的WINDOWS平臺計算機（PC/服務(wù)器）必須安裝防病毒軟件；All WINDOWS platform computers (PC / the server ) that connect to company's network shall install the anti-virus software;
 不得禁用或繞過病毒保護軟件；Forbid or avoid the protection of the anti-virus software are not allowed;
 不得私自更改客戶端防病毒軟件設(shè)置（更新設(shè)置、保護設(shè)置、自動掃描設(shè)置等）；It is prohibited to change the setting of the anti-virus software of customer end (upgrade and set up, protection sets up, auto scanning sets up etc);
 由病毒保護軟件不能自動清除并引起安全事故的病毒，必須向IT部報告；As for the virus cause the incident and cannot be removed by the software shall report to IT department ;
 如發(fā)現(xiàn)防病毒庫日期超過1月未更新，應(yīng)及時更新，并向IT部報告。If virus storehouse was not upgraded for more than one month, it is required to upgrade in time and report to IT department.
 定期更新系統(tǒng)補丁，在安裝補丁前應(yīng)做好相應(yīng)的備份工作。Upgrade the system patch regularly; prepare the corresponding backup before installing patches.
6.8. 移動介質(zhì)安全管理Safety management of moving medium
 公司內(nèi)禁止使用私人的U盤、移動硬盤等可移動介質(zhì)，公司配發(fā)的工作用移動介質(zhì)（U盤、移動硬盤）只能用于工作用途；It is prohibited to use the moving medium such as private U disk and moving hard disk, etc. Moving medium allotted by company (U record, last hard disk) can only used in working;
6.9. 屏幕保護設(shè)置The screen protection set up
 桌面系統(tǒng)應(yīng)啟用屏幕保護程序， 時間為5分鐘；The desk-top system should launch the screen protection program; time is about 5 minutes;
6.10. 其他安全管理Other safety management
 禁止私自在PC/筆記本內(nèi)安裝超出公司規(guī)定范圍外的軟件；It is prohibited to  install the software beyond the company regulation in PC / the portable computer;
 禁止私自拆開機箱；It is prohibited to open the PC housing without permission;
 禁止私自變更任何預(yù)定的安全及網(wǎng)絡(luò)設(shè)置；It is prohibited to change setting of the prescribed  security and network without permission;
 禁止私自嘗試破解網(wǎng)絡(luò)/系統(tǒng) /終端管理員及用戶密碼；It is prohibited to decipher the administrator password of network / system / terminal without permission;
 禁止私自嘗試進行網(wǎng)絡(luò)或端口掃描；It is prohibited to access the network or scan without permission;
 禁止通過個人PC文件共享功能，共享密級為秘密或以上的信息。It is prohibited to share the confidential information with personal PC.
 員工應(yīng)保持桌面的清潔，敏感信息在無人時應(yīng)鎖起來。Staff should keep cleanness of tabletop; sensitive message should be locked when nobody is absent.

武漢翻譯公司

2012.12.23