汇业评论 | 《采购项目之网络安全审查与申报指引》要点索引(中英文版)
网信办、工信部、公安部、市监总局等12部门联合发布的《网络安全审查办法》将于2020年6月1日生效,对企业采购/提供网络安全产品和服务(以下统称“产品”)影响重大。
The Cybersecurity Review Measures jointly issued by the 12 departments including the Cyberspace Administration, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation will take effect on June 1, 2020, which will have significant impact on purchasing / providing cybersecurity products and services (hereinafter referred to as "products") for enterprises.
为了帮助企业开展采购项目的网络安全审查与申报工作,根据《国家安全法》、《网络安全法》、《网络安全审查办法》、《关键信息基础设施安全保护条例(送审稿)》等规定,参考相关标准、行业实践及类似项目服务经验,汇业律师事务所网络与数据法律团队起草了适用于采购方的《采购项目之网络安全审查与申报指引》(中英文版),现将本指引的要点索引发布如下,仅供参考。
In order to help enterprises carry out cybersecurity review and declaration of procurement projects, according to the National Security Law, Cybersecurity Law, Cybersecurity Review Measures, Critical Information Infrastructure Security Protection Regulations(Manuscript), etc., refer to relevant standards, Industry practice and service experience of similar projects, the network and data compliance service team of Huiye Law Firm drafted the " Cybersecurity Review and Reporting Guidelines-Index of Key Points (Chinese and English Version)" applicable to the purchasers. Now the index of the key points of this guideline is published as follows, only for reference.
要点索引全文:
点击文末“阅读原文”下载中文版PDF;发送邮件索取中/英文版PDF。
要点索引目录:
01
采购项目的网络安全审查制度
Cybersecurity Review System for Procurement Project
1.1 建议采购方制定国家安全审查制度及指引
1.1 Advice on the establishment of a national security review system and guidelines to purchasers
1.2 建议采购方建立CII及CIIO动态识别机制
1.2 Advice on the establishment of Dynamic identification mechanism on CII and CIIO
1.3 建议采购方制定产品类别参考目录
1.3 Advice on the formulating of Product Category Reference Catalog to purchasers
1.4 建议采购方明确内部责任机构及责任人员
1.4 Advice on the clearing of internal responsible institution and responsible personnel
1.5 建议采购方建立审查控制机制
1.5 Advice on the establishment of review and control mechanism
1.6 建议采购方建立留痕与归档机制
1.6 Advice on the establishment of recording and filing mechanism
02
采购项目的网络安全风险预评估指引
Guidelines for pre-assessment of cybersecurity risks in procurement projects
2.1 采购项目的需求背景调研
2.1 Demand background research on procurement projects
2.2 采购协议、保密协议及承诺文件审查
2.2 Review of purchase agreements, confidentiality agreements and commitment documents
2.3 采购项目的国家安全风险预判要素
2.3 National Security Risk Prediction for the Procurement Projects
2.4 采购项目的预评估报告
2.4 Pre-assessment report of the procurement project
03
采购项目的网络安全审查申报与救济
Declaration and relief of cybersecurity review for the procurement project
3.1 申报材料准备
3.1 Preparation of application materials
3.2 申报材料递交
3.2 Submission of application materials
3.3 材料补正和整改
3.3 Material correction and rectification
3.4 申报救济
3.4 Declaration of relief
04
供应商合规持续管理
Continuous compliance management of the supplier
4.1 供应商持续管理
4.1 Continuous management of the supplier
4.2 风险事件处置
4.2 Risk event handling
关于本指引的任何问题,欢迎来函咨询:
For any questions about this guide, please feel free to inquire:
黄春林:Ramon.huang@huiyelaw.com
李天航:tianhang.li@huiyelaw.com
黄春林
汇业律师事务所高级合伙人
Ramon.huang@huiyelaw.com
李天航
汇业律师事务所高级合伙人
tianhang.li@huiyelaw.com
作者往期文章推荐:
2020版《网络安全审查办法》解读:从技术安全走向供应链安全
支付结算与外汇交易的刑事法律风险与边界
大数据行业之数据缓存合规:玫瑰如何赠,余香能否留
增值电信业务许可之告知承诺审批:羞答答的玫瑰静悄悄地开
带刺的玫瑰:上海自贸区离岸数据中心试点政策解读
中国央行数字货币DC/EP的十大法律猜想
《个人金融信息保护技术规范》解读:全生命周期的技术与管理二元合规控制
十余位网安及数据合规大牛热评新书《网络与数据法律实务:法律适用与合规落地》
十余位知名外企法务大咖热评新书《网络与数据法律实务:法律适用与合规落地》
点击文末“阅读原文”,输入提取码:ev3q,下载中文版PDF;发送邮件索取中/英文版PDF。