DB43/T—2023 284543 湖南省地方标准 ICS CCS 01.140.20 L 70 发 布 湖南省市场监督管理局2023-1 1发布-09 2024-02实施-0 9重要信息系统具体范围和识别规则 Specific scope and identification rules of important information systems DB43/T 2845—2023 I 目 次 前言 ································ ································ ································ ························ Ⅲ 1 范围 ································ ································ ································ ····················· 1 2 规范性引用文件 ································ ································ ································ ······ 1 3 术语和定义 ································ ································ ································ ············ 1 4 具体范围 ································ ································ ································ ··············· 2 5 识别因素 ································ ································ ································ ··············· 3 5.1 承载重要数据 ································ ································ ································ ··· 3 5.2 承载重要业务 ································ ································ ································ ··· 3 5.3 承载个人信息 ································ ································ ································ ··· 3 5.4 等级保护级别 ································ ································ ································ ··· 3 6 识别与认定 ································ ································ ································ ············ 3 6.1 工作流程 ································ ································ ································ ········· 3 6.2 运营者开展重要信息系统识别 ································ ································ ·············· 4 6.3 行业主管或监督管理部门认定 ································ ································ ·············· 4 6.4 报送结果 ································ ································ ································ ········· 4 7 认定变更 ································ ································ ································ ··············· 5 附录A（资料性） 重要数据参照表 ································ ································ ················ 6 附录B（资料性） 重要业务参照表 ································ ································ ················ 8 附录C（规范性） 重要信息系统识别登记表 ································ ································ ·· 10 附录D（规范性） 重要信息系统识别认定表 ································ ································ ·· 13 附录E（规范性） 重要信息系统变更申请表 ································ ································ ·· 14 参考文献 ································ ································ ································ ·················· 15 DB43/T 2845—2023 II DB43/T 2845—2023 III 前 言 本文件按照 GB/T 1.1 —2020《标准化工作导则 第1部分：标准化文件的结构和起草规则》的规 定起草。 请注意本文件的某些内容可能涉及专利。本文件的发布机构不承担识别专利的责任。 本文件由中共湖南省委网络安全和信息化委员会办公室提出并归口。 本文件起草单位：中共湖南省委网络安全和信息化委 员会办公室、中共长沙市委网络安全和信息化 委员会办公室、湖南省金盾信息安全等级保护评估中心有限公司。 本文件主要起草人：刘学、郭天保、刘志勇、周小尧、周海毅、刘艳军、周明熙、张钰、方木、邓 庭波、罗晓燕、邓焕姿、王琼、王丰、刘兰芳、熊璐、杨新宇、谭健、尹海兵。 DB43/T 2845—2023 IV DB43/T 2845—2023 1 重要信息系统具体范围和识别规则 1 范围 本文件规定了重要信息系统识别的具体范围、识别因素、识别认定流程和认定变更等内容。 本文件适用于开展重要信息系统的识别和认定。 2 规范性引用文件 下列文件中的内容通过文中的规范性引用 而构成本文件必不可少的条款。 其中， 注日期的引用文件， 仅该日期对应的版本适用于本文件；不注日期的引用文件，其最新版本（包括所有的修改单）适用于本 文件。 GB/T 35273 —2020 信息安全技术 个人信息安全规范 GB/T 39204 —2022 信息安全技术 关键信息基础设施安全保护要求 3 术语和定义 下列术语和定义适用于本文件。 3.1 信息系统运营者 Operators of information system 信息系统的所有者、管理者。 3.2 关键信息基础设施 Critical inf ormation infrastructure 公共通信和信息服务、能源、交通、水利、金融、公共服务、电子政务、国防科技工业等重要行业 和领域的，以及其他一旦遭到破坏、丧失功能或者数据泄露，可能严重危害国家安全、国计民生、公共 利益的重要网络设施、信息系统等。 [来源：GB/T 39204 —2022，3.1] 3.3 重要数据 Important data 一旦遭到篡改、破坏、泄露或者非法获取、非法利用等，可能危害国家安全、经济运行、社会稳定 、 公共健康和安全等的数据。 3.4 重要业务 Important business 由行业主管或监督管理部门认定的，涉及国家安全、国计民生、经济命脉、社会稳定、公共利益的