荆州市洪湖市-土地管理业-查封登记

数据安全风险评估材料要点参考 1.数据安全风险评估主要指识别和评估登记的数据资源、产 品和服务，在收集、存储、使用、流通、披露等全流程的安全风 险情况； 2.数据安全风险评估材料应包括以下要点： （1）信息系统安全。可从网络安全防护、开发运维管理、 云数据安全等方面进行评估； （2）数据安全管理。可从安全管理制度、安全组织机构、 分类分级管理、人员安全管理、合作方管理、安全审计等方面进 行评估； （3）数据安全技术。可从加密技术、身份鉴别与访问控制、 备份恢复、监测预警等方面进行评估； （4）数据处理活动安全。可从数据脱敏、数据防泄露、数 据接口安全、数据应用合规性等方面进行评估； （5）个人信息保护。含有个人信息的，说明个人信息告知、 同意、处理情况，以及个人信息主体权利保护措施等； （6）应急处置。可从应急预案和演练、安全事件处置等方 面进行评估。 3.数据安全风险评估材料需加盖公章，可由登记主体自行提 供，或由第三方专业机构出具。

Reference Key Points for Data Security Risk Assessment Materials 1. Data security risk assessment mainly refers to the identification and evaluation of security risks of registered data resources, products and services throughout their entire lifecycle including collection, storage, use, circulation, disclosure and other stages. 2. The data security risk assessment materials shall include the following key points: (1) Information system security. Assessments can be conducted from aspects such as cybersecurity protection, development and operation management, and cloud data security. (2) Data security management. Assessments can be conducted from aspects such as security management systems, security organizational structures, classified and graded management, personnel security management, third-party partner management, and security audits. (3) Data security technology. Assessments can be conducted from aspects such as encryption technology, identity authentication and access control, backup and recovery, monitoring and early warning, etc. (4) Data processing activity security. Assessments can be conducted from aspects such as data desensitization, data leakage prevention, data interface security, and data application compliance. (5) Personal information protection. If personal information is involved, specify the notification, consent and processing status of personal information, as well as measures for protecting the rights of personal information subjects, etc. (6) Emergency response. Assessments can be conducted from aspects such as emergency plans and drills, and security incident handling. 3. The data security risk assessment materials shall be stamped with the official seal, and may be provided by the registering entity itself or issued by a third-party professional institution.