Network and Data Security Compliance Checklist: Points Deduction Criteria

If a network and data security protection system and responsibility system have not been established and implemented, and the personnel responsible for network and data security are unclear and responsibilities are not clear, 1 point will be deducted.
If the self-built network and information system does not carry out network security level protection classification and filing according to regulations, and does not implement data classification and grading requirements, 2 points will be deducted.
If the self-built network and information system does not carry out self-inspection, network security level protection evaluation, and rectification and reinforcement according to regulations, 1 point will be deducted.
If backup and recovery measures are not implemented for important network systems and important data of self-built systems, 1 point will be deducted.
If the network operation status is not monitored and recorded for self-built networks and information systems, and relevant network logs are not retained according to regulations, 1 point will be deducted.
If an emergency plan for network and data security incidents is not formulated and emergency drills are not conducted regularly, 1 point will be deducted.
If network security vulnerabilities, risks, and other problems reported by public security organs and banking and insurance regulatory departments are not effectively handled, 1 point will be deducted.
If a major network and data security case occurs, 2 points will be deducted.
If the construction of the headquarters' information system is attacked or invaded, or data is leaked due to self-caused reasons, 3 points will be deducted.