Article 9
(Management of continuity and exit of cloud services)
- An organization shall prepare an operation continuity management plan by conducting an operation impact analysis on the information system enabling cloud services, evaluating the resilience and recovery ability of the cloud services, and considering the venue where the assets, resources and data involving cloud services are located and the recovery ability of the cloud service provider.
- With regard to outsourced cloud operations involving materiality, when planning the test or exercise program for business continuity of cloud services, an organization shall, according to a risk-based approach, determine the frequency and method of tests or exercises. It is advisable to consider preparing and establishing the operation continuity test or exercise program for cloud services in collaboration with the cloud service provider and, where circumstances allow, to ask the cloud service provider to participate in joint tests or exercises.
- An organization shall create a cloud data backup mechanism and keep a list of backup copies. The media where backup data is stored, or the backup files, shall be properly protected to ensure the availability of information and the prevention of unauthorized access.
- An organization shall establish an information security event reporting and management mechanism for the use of cloud services.
- An organization shall, prior to the adoption of cloud services, formulate transfer strategies and plans for termination of use of the cloud services, to ensure the services can be successfully transferred to another cloud service provider or migrated back to the organization for self-operation upon termination or end of a contract of operation.
- An organization shall ensure, upon termination of the outsourcing contract or termination of use of cloud services, the deletion or destruction of all archived data kept by the cloud service provider (such as images of a virtual machine, storage space, cache space, backup media, client information or sensitive information), and shall ask the cloud service provider to provide proof of full deletion of the data.