Provisions on Internet Security Supervision and Inspection by Public Security Authorities (“Provisions”)will be implemented from 1 Nov. 2018
In recent years, the legislation and enforcement of the cybersecurity have been strengthened continuously. Recently, the Ministry of Public Security released the “Provisions on Internet Security Supervision and Inspection by Public Security Authorities”, which will be implemented from 1 Nov. 2018.
For those enterprises which has an official website, or be a online sale platform, or provide internet information service, it is recommended to go through the internal management on those website, platform, or service, in accordance with the inspection requirements in the “Provisions”.
The “Provisions” stipulates 3 categories of inspection, which are the general inspection, the targeted inspection and special inspection.
1.The general inspection, refers to the inspection on the qualification (including changes) of the party, the basic technique measures. The inspection contents mainly include:
(1)The file procedure of the accessing entities;
(2)The cybersecurity management system and operating procedures, the persons responsible for cybersecurity;
(3)The technical measures for recording and retaining users’ registration information and weblog data;
(4)The technical measures for preventing computer viruses, network attacks, and network intrusion, among others;
(5)The technical measures for preventing information which is prohibited to be issued or transmitted by the laws and administrative regulations.
2.The targeted inspection refers to the inspections according to the type of Internet services provided, which mainly includes:
(1) Internet access services:whether the network addresses, and the distribution and use thereof are recorded and retained;
(2) Internet data centers: whether the user information on the hosting, lease of host and lease of virtual space provided is recorded;
(3) Internet domain name services: whether the application for and change in the Internet domain name is recorded, and whether the disposal measures are taken for the illegal domain names according to the law;
(4) Internet information services: whether the measures for the management of information issued by users have been taken according to the law, and whether disposal measures have been taken for the issued or transmitted information that is prohibited to be issued or transmitted by laws and administrative regulations according to the law, and the relevant records have been kept;
(5) Internet content distribution services: whether the content distribution network and the content source web link are recorded;
(6) Internet public access services: whether the technical measures for network and information security protection meeting the national standards have been taken.
3. The special inspection refers to, the inspection to Internet service providers and online users relevant to the major national cybersecurity protection missions,during the period of major national cybersecurity protection tasks. The contents mainly include the work plan, cybersecurity risk assessment, risk management and control measures, the cybersecurity emergency response plans and the relevant facilities for emergency response, and so on.