Chapter 3 Incident Logs and Accountability
Article 7 (Incident Records)
- An organization shall set forth the recording frequency and retention policy of the computer audit records (logs) of the information and communication system and retain such records for a minimum of three years.
- The information and communication system shall be equipped with the function of recording specific incidents and determine the specific information and communication incidents to record.
- The information and communication system shall record the various functions executed by the administrator account and re-examine on a daily basis the results of a use of the most privileged account of a core system and a core system privileged account with special functions (such as a program or software change, modification of privilege level of a parameter or configuration).
- An organization shall review on a regular basis the computer audit records (logs) generated by a core system. Regular reviews of non-core systems are advised.
Article 8 (Content and Capacity of Computer Audit Records (Logs))
- A computer audit record (log) generated by the information and communication system shall include information pertaining to the incident such as the type, time, location, and user identification. Day logs are advised to ensure consistency. Other relevant information shall be incorporated in accordance with the information and communication security policy set forth by the organization, laws and regulations, and business needs of the organization.
- The information and communication system shall provide the storage capacity required for storage of computer audit records (logs).
Article 9 (Responses to Processing Failure of Computer Audit Records (Logs))
- An organization shall take appropriate action when processing of computer audit records (logs) of the information and communication system fails.
- When a failure in the processing of computer audit records (logs) occurs that requires an immediate alert in respect of a core system of a type 1 organization, it is advisable for the core system to give a warning to specific personnel within the time prescribed by the organization.
Article 10 (Timestamps and Synchronization)
- The information and communication system shall use timestamps required for computer audit records (logs) as produced by the internal clock of the system and be able to correspond to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
- The internal clock of the information and communication system shall be calibrated to the sources of mean time on a regular basis.
Article 11 (Protection of Information of Computer Audit Records (Logs))
- For management purposes, access to computer audit records (logs) is limited to authorized users only.
- A core system shall apply hashing or other appropriate comprehensive mechanism of protection. A comprehensive mechanism of protection is advised for a non-core system.
- A core system of a type 1 organization shall make a regular backup of computer audit records (logs) in other external physical systems.
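The hashing mechanism Article 11 calls for, and the UTC timestamps and record fields required by Articles 8 and 10, can be illustrated with a hash-chained audit log. The following is an added example and not part of the regulation or any organization's system; the record fields, the genesis value and the sample entries are constructed for illustration. Each entry's SHA-256 digest covers the previous entry's digest, so any modification, insertion or deletion inside the chain changes every later digest and is caught by a verification pass.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional

# Constructed starting value for an empty chain (assumption, not from the regulation).
GENESIS = "0" * 64


def _entry_hash(prev_hash: str, record: dict) -> str:
    """Digest of the previous digest plus a canonical JSON form of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append_entry(chain: List[dict], event_type: str, location: str,
                 user_id: str, ts: Optional[str] = None) -> dict:
    """Append a record carrying the Article 8 fields (type, time, location, user).

    The time is an ISO 8601 UTC timestamp, as Article 10 requires; a caller
    may pass one explicitly (used here for reproducible sample data).
    """
    if ts is None:
        ts = datetime.now(timezone.utc).isoformat()
    record = {"type": event_type, "time": ts, "location": location, "user": user_id}
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": _entry_hash(prev, record)})
    return chain[-1]


def verify_chain(chain: List[dict]) -> Optional[int]:
    """Return None if every link checks out, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or _entry_hash(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None


def demo() -> Optional[int]:
    """Build a constructed three-entry log, tamper with the middle entry, and report what verification finds."""
    chain: List[dict] = []
    append_entry(chain, "privilege_change", "core-db-01", "admin", "2024-01-15T08:00:00+00:00")
    append_entry(chain, "config_modify", "core-db-01", "admin", "2024-01-15T08:05:00+00:00")
    append_entry(chain, "logout", "core-db-01", "admin", "2024-01-15T08:06:00+00:00")
    assert verify_chain(chain) is None  # untouched chain verifies cleanly
    chain[1]["record"]["user"] = "someone_else"  # simulated after-the-fact edit
    return verify_chain(chain)  # index 1: the edited entry no longer matches its digest


if __name__ == "__main__":
    print("first bad entry:", demo())
```

A chain of this kind detects edits and deletions between entries, but truncating the log by dropping the newest entries leaves a chain that still verifies. That is why the head digest (or the whole log) has to be copied regularly to a separate physical system, as the third point of Article 11 requires for core systems of type 1 organizations: the externally held digest is what the verification pass is compared against.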