6.reference documentation 参考文档
-Government IT Security Documents/政府资讯科技保安文件
https://www.ogcio.gov.hk/en/our_work/information_cyber_security/government/
-Professional Methodologies/专业的方法论
https://www.ogcio.gov.hk/en/our_work/infrastructure/
The Contractor shall comply with the following Government regulations, policies, standards, guidelines, methodologies and quality requirements:
承包商应遵守以下政府法规、政策、标准、指南、方法和质量要求:
a.Baseline IT Security Policy /基线IT安全策略
b.IT Security Guidelines/IT安全指南
c.Practice Guide for Security Risk Assessment & Audit/安全风险评估与审计实践指南
d.Practice Guide for Information Security Incident Handling/信息安全事件处理实践指南
e.Practice Guide for IT Outsourcing/信息技术外包实践指南
f.The Interoperability Framework for the e-Government/电子政务互操作框架
g.Best Practices for Business Analyst/业务分析师的最佳实践
h.Effective Systems Analysis and Design Guide/高效系统分析与设计指南
i.Practice Guide for Agile Software Development/敏捷软件开发实践指南
j.Practice Guide for Scoping and Planning of Large-scale IT System Development Projects/大型IT系统开发项目的范围界定和规划实践指南
k.The Government Technology and System Architectures (“GTSA”) Framework/政府技术和系统架构(“ GTSA ”)框架
l.Common Look and Feel Guidelines and Design Specifications /通用观感指南和设计规范
(For Government websites, the contractor needs to adopt mobile friendly design to provide good user experience with different devices (including desktop, notebook computers, tablets & smartphones) in accordance to the "Common Look and Feel Guidelines and Design Specifications".)
(对于政府网站,承包商需要采用移动友好设计,以根据“通用外观指南和设计规范”,在不同设备(包括台式电脑、笔记本电脑、平板电脑和智能手机)上提供良好的用户体验。)
m.Security Regulations/安全条例
n.Practice Guide for Website and Web Application Security/网站和Web应用程序安全实践指南
o.Practice Guide for Mobile Security/移动安全实践指南
p.Practice Guide for Internet Gateway Security/互联网网关安全实践指南
q.Baseline IT Security Policy for the WSD/水务署资讯科技保安政策基线
r.The Government Cloud Adoption Framework (“GCAF”)/政府云采用框架(“ GCAF ”)
s.Any other relevant regulations, policies, guidelines and procedures issued by OGCIO and WSD/政府资讯科技总监办公室及水务署发出的任何其他有关规例、政策、指引及程序
which are based on the prevailing Government standards and methodologies that can be found at OGCIO’s website (https://www.ogcio.gov.hk/en/infrastructure/methodology/ ).
