信息安全管理控制程序(中英文)

信息安全管理控制程序

1.0 目的(Purpose)

保持信息的保密性、完整性和可用性

Ensure information confidentiality, completeness and availability

2.0 范围(Scope)

适用于有关公司IT信息类别的资产所采取的安全措施。

Applicable for IT information the safety measures taken for property.

3.0 职责Responsibility

IT负责对公司各类信息资产进行保护、监控、备份、记录。

IT is responsible for protecting, supervising, backing up and recording all the informationassets.

4.0 程序Procedures

4.1 公司信息资产的分类

Classification of company information assets

4.1.1 A类:财务信息、业务信息、生产信息、技术资料等

A: Finacial Information. Business Information. Production Information. Technical Documents and so on.

4.1.2 B类:系统信息、辅助信息、网络通信、个人工作文档等

B: system information, assisting information, Internet connection, personal work files and so on.

4.1.3 C类:主要归为信息资产中的硬件设备

C:hard wares

4.1.4 A类及B类信息资产应定期备份，具体规定见《数据备份管理控制程序》。

A and

B information assets is back up regularly according to Data Backup Management Control

Procedure

4.2 物理安全的管理

Safety management

4.2.1 机房的管理 host computer room

4.2.1.1 IT负责机房钥匙的管理，进出机房必须填写好《机房进出登记表)) IT keeps the keys and fills the host computer server login record whenever entering and exiting the room.

4.2.1.2 若有外部人员需进入机房安装、维修设备，应取得部门经理批准并在公司网管人员陪同下_[作

If the other people needs to enter the room for installing and maintaining the equipments accompanied by the IT people, after getting approval from department manager.

4.2.1.3 网管人员应对机房环境进行监控及巡查，井做好记录，以确保机房内设备的正常运作;

IT people checks and records the room environment to ensure the equipments run in working order.

4.2.1.4 定期检查灭火器等辅助设备