承办部门: Contractor: 编制: prepared by: 生效日期: effective date: IT部 IT D XXX Xxx 1 编号: A 物理与环境安全管理办法Physical and environmental safety management measures No: 版本: Edition: 页次: Page: 18/8 文 件 更 改 履 历 Document changes 修订版本Revision 更 改 内 容 content 修订者Reviser 生效日期effective date 文 件 会 签 栏 Document Signature 修订品管部技术部版本QCD TD Revi□ □ sion A 采购部压铸部机加部营销部物流部开发部财务部管理部PurchasDie Machine ACC D MKT LogistiDevelop Manageming D Casting Additio □ cs D □ D □ ent □ □ □ D □ n D □ 编制: prepared by : 审核: Review : 批准: Approved :
承办部门: Contractor: 编制: prepared by: 生效日期: effective date: IT部 IT D XXX Xxx 1 编号: A 物理与环境安全管理办法Physical and environmental safety management measures 第一章 总则Chapter 1 General No: 版本: Edition: 页次: Page: 18/8 第一条 目的:为了适应公司物理与环境安全管理的需要,保障公司生产和办公系统的正常运行,特制定本管理办法。 Article 1 Purpose: In order to meet the needs of the company's physical and environmental safety management and ensure the normal operation of the company's production and office systems, special management measures are formulated. 第二条 依据:本管理办法根据《公司信息安全管理策略》制订。 The second basis: This management approach is based on the “Company Information Security Management Strategy”. 第三条 范围:本管理办法适用于公司。 第二章 基本要求Chapter II Basic Requirements 第四条 公司员工应根据公司运营需要对资产进行保护。公司的资产保护要求通过完成以下目标来实现: (一)确保所有资产的物理和环境保护能得到公司的有效控制。 (二)减少擅自访问或损坏或影响公司控制的资产的风险。 (三)防止公司控制的资产被人擅自删除或移动。 Article 4 The employees of the company shall protect the assets according to the operational needs of the company. The company’s asset protection requirements are achieved by completing the following goals: (1) Ensure that the physical and environmental protection of all assets can be effectively controlled by the company.
承办部门: Contractor: 编制: prepared by: 生效日期: effective date: IT部 IT D XXX Xxx 1 编号: A 物理与环境安全管理办法Physical and environmental safety management measures No: 版本: Edition: 页次: Page: 18/8 (b) reduce the risk of unauthorized access to or damage to or affecting assets controlled by the company. (c) Preventing the assets controlled by the company from being arbitrarily deleted or moved. 第五条 安全控制措施包括以下各项: (一)公司的场地(机房、办公室)的信息处理设施周围设置实际安全隔离措施,如门禁系统等。 (二)公司的大楼入口安全防范措施。 (三)防护设备避免发生火、水、极端温度/湿度、灰尘和电产生的危害。 (四)设备维护。 (五)清理资产。 Article 5 Safety control measures include the following: (1) Actual safety and isolation measures shall be set up around the information processing facilities of the company's site (machine room, office), such as the access control system. (b) Safety precautions for the building entrance of the company. (c) Protective equipment to prevent fire, water, extreme temperature/humidity, dust, and electricity. (d) Equipment maintenance. (e) Clean up assets. 第三章 安全区域Chapter III Security Zones
承办部门: Contractor: 编制: prepared by: 生效日期: effective date: IT部 IT D XXX Xxx 1 编号: A 物理与环境安全管理办法Physical and environmental safety management measures No: 版本: Edition: 页次: Page: 18/8 第六条 公司的安全区域包括中心机房和敏感部门办公区域。 Article 6 The company's security areas include the central computer room and sensitive office area. 第七条 安全区域的划分与管理参见《物理安全区域管理细则》。 Article 7 The division and management of security zones are referred to the “Management Rules for Physical Security Zones”. 第八条 物理安全边界Article 8 Physical Security Boundary 所有进入公司安全区域的人员都需经过授权,公司员工之外的人员进入公司安全区域必须登记换取不同的授权卡或访客证才能进入(持有效证件,得到被访者允许)。 All personnel who enter the company's security zone must be authorized. Persons other than company employees must enter the company's security zone to register for a different authorization card or visitor badge before they can enter (holding a valid certificate and obtaining permission from the respondent). 第九条 安全区域出入控制措施Article 9 Access Control Measures for Safe Areas (一)物理控制措施 1、机房的门禁系统必须启用,任何人都必须刷卡后才可进入机房; 2、出入机房必须登记《机房出入登记表》,记录姓名、出入时间、事由等; 3、一段时间内不会频繁进入的机房应上锁,需要时由运维人员开启进入工作,并确保办公完成后锁好; 4、机房应安装闭路电视监控。在所有安全区域的工作均应接受监督或监控。 (A) physical control measures 1. The access control system in the computer room must be enabled. Anybody must
承办部门: Contractor: 编制: prepared by: 生效日期: effective date: IT部 IT D XXX Xxx 1 编号: A 物理与环境安全管理办法Physical and environmental safety management measures No: 版本: Edition: 页次: Page: 18/8 swipe the card before entering the computer room. 2. Access to the computer room must register the “Room Room Entry and Exit Registration Form”, record the name, time of entry and exit, cause, etc.; 3. The computer room that will not be frequently accessed during a period of time should be locked. When necessary, the operation and maintenance personnel can open the work and ensure that the office is locked after the office is completed. 4. The computer room should be equipped with closed-circuit television monitoring. Work in all safe areas should be supervised or monitored. (二)合同方及第三方 1、要在主要出入口处填写《来访人员登记表》; 2、在显眼处佩戴公司发出的临时出入卡或访客证。 (B) Contracting parties and third parties 1. Fill out the \2. Wear a temporary access card or visitor badge issued by the company in a prominent place. (三)公司工作人员的控制措施 1、公司工作人员都必须在显眼处佩带胸卡; 2、公司工作人员调离公司时,其实际进入权也同时相应取消; (C) Control measures of company staff 1. Company staff must wear badges in conspicuous places; 2. When the company staff is transferred from the company, their actual access rights are also cancelled accordingly.
信息技术设备物理与环境安全管理办法
