Chapter III Network Operation Security
Article 36
Translation Notice
This is an unofficial English translation prepared for general informational purposes only. It does not constitute legal advice. In case of any discrepancy, the official Chinese text published by the competent authority shall prevail.
本文为非官方英文翻译,仅供一般信息参考,不构成法律意见。如与主管机关发布的中文正式文本不一致,以中文正式文本为准。
Chinese Original
第三十六条 除本法第二十三条的规定外,关键信息基础设施的运营者还应当履行下列安全保护义务: (一)设置专门安全管理机构和安全管理负责人,并对该负责人和关键岗位的人员进行安全背景审查; (二)定期对从业人员进行网络安全教育、技术培训和技能考核; (三)对重要系统和数据库进行容灾备份; (四)制定网络安全事件应急预案,并定期进行演练; (五)法律、行政法规规定的其他义务。
English Translation
In addition to the provisions of Article 23 of this Law, operators of critical information infrastructure shall also perform the following security protection obligations: (1) establish specialized security management bodies and security management responsible persons, and conduct security background checks on those responsible persons and personnel in key positions; (2) regularly provide cybersecurity education, technical training, and skills assessment for employees; (3) conduct disaster recovery backup for important systems and databases; (4) formulate cybersecurity incident emergency plans and regularly conduct drills; and (5) perform other obligations provided by laws and administrative regulations.
Free web reference version. Editable bilingual Word/PDF/Excel packages may be provided separately after editorial review.