Website servers and other computers set up between the Ministry of Public Security certification of the firewall, and with professional network security companies to do a good job of security policy, to reject malicious attacks from outside, to protect the normal operation of the site.
2, in the site's servers and workstations are installed on the genuine anti-virus software, computer viruses, harmful e-mail has a full set of precautions to prevent harmful information on the website system interference and damage.
3, good production log retention. The site has a system to save more than 60 days of operation logs and user logs record function, including IP address and use, home page maintainers, mailbox users and the corresponding IP address situation.
4, interactive columns with an IP address, identity registration and identification confirmation function, there is no legal formalities and do not have the conditions of the electronic bulletin service closed immediately.
5, the website information service system to establish a dual-machine hot backup mechanism, once the main system encounters failure or attack caused by the normal operation, to ensure that the backup system can promptly replace the main system to provide services.
6, close the website system temporarily does not use the service functions, and related ports, and timely repair of system vulnerabilities with patches, regular virus check.
7, the server is usually in a locked state, and keep the login password; background management interface to set up a super user name and password, and bound IP, in order to prevent others from logging in.
8, the site provides centralized rights management, for different application systems, terminals, operators, by the site system administrator to set *** enjoy access to database information, and set the corresponding password and password. Different operators set different user names and change them regularly, and operators are strictly prohibited from leaking their passwords. The operator's rights are set in strict accordance with the job responsibilities, and the website system administrator regularly checks the operator's rights.
9, the company's server room in accordance with the standard construction of telecommunications server room, there are necessary independent UPS uninterruptible power supply, highly sensitive smoke detection system and fire system, regular power, fire, moisture, anti-magnetic and anti-rodent checks.
Network and information security measures
I. Network security measures
In order to comprehensively ensure the network security of the Company, in the design of the Company's network platform solutions
The design will be based mainly on the following design principles:
a Security
In the design of the program, we will be from the network, system, application, operation management, system redundancy and so on. , operation management, system redundancy and other perspectives of comprehensive analysis, the use of advanced security technologies, such as firewalls, encryption technology, for
hot site to provide a systematic and complete security system. Ensure the safe operation of the system.
bHigh performance
Considering the future growth of business volume of the company's network platform, in the design of this program, we will be comprehensively analyzed from the perspective of the network, servers, software, applications, etc., and reasonably design the structure and configuration
to ensure that a large number of concurrent access to the peak hours of the user, the system still has sufficient processing capacity to protect the quality of service.
cReliability
The Company's network platform, as an enterprise portal platform, will be designed to minimize the investment in terms of system structure, network structure, technical measures, facility selection and other aspects of comprehensive consideration
in order to minimize the single-failure nodes in the system, to achieve 24/7 uninterrupted service
dScalability
An excellent architecture (including hardware and software architecture) design is critical to the ability of the system to adapt to future business development. In the design of this system, the hardware system (e.g., server
, storage design, etc.) will follow the principle of scalability to ensure that the system grows with the volume of business, and seamlessly and smoothly expands without stopping the service; at the same time, the design of the software architecture will also follow the principle of scalability to adapt to the needs of the growth of the new business.
eOpenness
Considering that the system will involve equipment technologies from different vendors and the ever-expanding system requirements, all the international/industrial standards are adopted in the technical selection of the products for this project, so as to make this
system have good openness.
fAdvanced
The product technologies used in the construction of hardware and software platforms, the design and development of application systems, and the maintenance and management of the system take into account the development trend of today's Internet, and adopt the relatively advanced product technologies that are relatively mature in the market at the same time, so as to satisfy the development needs of the future hotspot websites.
gSystem Integration
The hardware and software systems in this program include excellent products from Timeless Technology and third-party vendors. We will provide complete application integration services for Manla website, so that Manla website will concentrate more resources
in the development and operation of business rather than in specific integration work.
1, hardware facilities safeguards:
Chongqing Manla Technology Development Co., Ltd.'s information server equipment in line with the postal and telecommunications public communications network of the various technical interface indexes and terminal communications, such as technical standards, electrical characteristics and communication methods,
will not affect the security of the public network. The Company rents the IDC of Chongqing Telecom to place the information server in the standard server room environment, including: air conditioning, lighting, humidity, uninterruptible power supply, anti-static flooring and so on. Heavy
Qingdao Telecom for the company's servers to provide a high-speed data port to access the CHINANET network. The application mode of the system host system determines that the system will face a large number of users and face a large number of concurrent
Access, the system is required to be a highly reliable critical application system, the system is required to avoid any possible downtime and data destruction and loss. The system is required to use the latest application server technology to achieve
load balancing and avoid single point of failure.
System host hardware technology
CPU: 32-bit long CPU, support for multi-CPU structure, and support for smooth upgrade.
Server with high reliability, with long working hours, the system machine average trouble-free time (MTBF) is not less than 100,000 hours, the system provides powerful diagnostic software to diagnose the system
Server with mirror fault-tolerant function, the use of dual-disk fault-tolerant, dual-machine fault-tolerant.
The host system has a strong bus bandwidth and I / O throughput capacity, and flexible and powerful expandability
Configuration principles
(1) processor load peaks at 75%;
(2) processor, memory and disk needs to be configured balanced in order to provide good results;
(3) disks (mirrored as a good thing) there should be 30-40% redundancy to cope with peaks.
(4) Memory configuration should match database metrics.
(5) I/O is as important as the processor.
System host software technology:
System software for the server platform conforms to open systems interconnect standards and protocols.
Operating system selection of general-purpose multi-user, multi-task winduws 2000 or Linux operating system, the system should have a high degree of reliability, openness, support for symmetric multi-processing (SMP) function, support
Support for a variety of network protocols, including TCP / IP.
Conforms to C2 level security standards: Provides complete operating system monitoring, alarming and troubleshooting.
Support should be provided for current popular database systems and development tools.
System host storage devices
The technology of the system's storage devices
RAID0+1 or RAID5 disk arrays and other measures to ensure that the system is safe and reliable.
I/O capacity up to 6M/s.
Provide enough expansion slots.
System storage capacity design
The storage capacity of the system mainly takes into account the storage space for user and other data, file system, backup space, test system space, database management space and system expansion space.
Expansion capacity of the server system
Expansion capacity of the system host mainly consists of three aspects:
Expansion of performance, processing capacity-including CPU and memory expansion
Expansion of storage capacity-expansion of the disk storage space
I/O Expansion of I/O capacity, including the expansion of network adapters (such as FDDI cards and ATM cards) and the expansion of external devices (such as external tape libraries, CD-ROM drives, etc.)
2, the software system to ensure that the measures:
Operating system: Windows 2000 SERVER network operating system
Firewall: CISCO PIX hardware firewall
Windows 2000 SERVER operating system and the U.S. Microsoft windowsupdate site upgrade site to maintain data contact, to ensure that the operating system to patch the now known vulnerabilities.
Using NTFS partitioning technology to strictly control users' access to server data.
Strict security policies and log access records have been established on the operating system. It guarantees user security, password security, and network access control to the system, and logs all network access and actions to the system.
System implementation of the standard three-tier architecture based on WEB middleware technology, that is: all WEB-based applications using WEB application server technology to achieve.
Performance design of the middleware platform:
Scalability: allows users to develop systems and applications to meet growing business needs in a simple way.
Security: utilizes a variety of encryption technologies, identity and authorization control and session security technologies, as well as Web security technologies to avoid user information from being compromised by unauthorized intrusion.
Integrity: Reliable, high-performance distributed transaction functions are realized through middleware to ensure accurate data updates.
Maintainability: It is easy to upgrade existing applications with new technologies to meet the growing needs of enterprise development.
Interoperability and openness: middleware technology should be based on an open standards-based system to provide the development of distributed transaction applications, can be realized across heterogeneous environments, the interoperability of existing systems. Can support multiple
Hardware and operating system platform environment.
Network security:
Multi-layer firewall: According to the different needs of users, the use of multi-layer high-performance hardware firewalls to provide comprehensive protection for customer hosting host.
Heterogeneous firewalls: at the same time, the industry's most advanced and mature Cisco PIX hardware firewall protection, firewalls of different manufacturers with different structures to further protect the user's network and the host of the security
Anti-virus Scanning: professional anti-virus scanning software to eliminate the virus infection of the customer's host.
Intrusion detection: professional security software, to provide network, host, database, application-based intrusion detection services, in the firewall on the basis of several additional security measures to ensure that the user
system of a high degree of security.
Vulnerability Scanning: Regularly scan and analyze user hosts and applications for security vulnerabilities to eliminate potential security risks and prevent them from occurring in the first place.
CISCO PIX hardware firewall running on the upper layer of the CISCO switch provides a dedicated host to monitor all the packets flowing through the network, and found to be able to correctly identify the attack in the attack characteristics.
The identification of attacks is real-time, with user-defined alarms and responses once an attack has been detected. Here we have the following protections:
All Event Monitoring Policy This policy is used for testing purposes to monitor and report all security events. In a real world environment, this policy will severely impact the performance of the detection server.
Attack Detection Policy This policy focuses on preventing malicious attacks from the network and is suitable for administrators to be aware of important network events on the network.
Protocol Analysis This policy differs from the attack detection policy in that it analyzes network sessions for protocols and is suitable for security administrators to understand how the network is being used.
Website Protection This policy is used to monitor the monitoring of HTTP traffic on the network and is only sensitive to HTTP attacks. It is suitable for security administrators to understand and monitor website access on the network.
Windows Network Protection This policy focuses on protecting the Windows network environment.
Session Replication This policy provides the ability to replicate Telnet, FTP, SMTP sessions. This feature is used for security policy customization.
DMZ Monitoring This policy focuses on protecting network activity in the DMZ outside the firewall. This policy monitors for network attacks and typical Internet protocol weaknesses such as HTTP, FTP, SMTP, POP
and DNS, and is suitable for security administrators to monitor network events outside the corporate firewall.
Inside Firewall Monitoring This policy focuses on attacks and protocol weakness exploitation of web applications traversing the firewall and is suitable for monitoring security events inside the firewall.
Database server platform
The database platform is the foundation of the application system, which is directly related to the performance of the entire application system and the accuracy and security reliability of the data as well as the efficiency of data processing and other aspects. The design of the database platform includes:
The database system should be highly reliable and support distributed data processing;
Support a variety of network protocols including TCP/IP and IPX/SPX protocols;
Support a variety of operating systems, such as UNIX and MS NT, and support for the client/server architecture, with an open client programming interface, support for Chinese character operations;
has the technology required to support parallel operations (e.g., multi-server collaboration technology and transaction integrity control technology, etc.);
support for on-line analytical processing (OLAP) and on-line transaction processing (OLTP), support for the establishment of data warehouses;
requires the ability to achieve rapid loading of data, as well as efficient concurrent processing and interactive query; support for C2-level security standards and multi-level security control, provide WEB service interface module, the output to the client
protocol support for HTTP2.0, SSL3.0, etc.; support for online backup, with automatic backup and log management functions.
Two, information security and confidentiality management system
1, information monitoring system:
(1), the website information must be marked on the web page source; (i.e., information about the reproduction of the reprint must be marked with the reproduction of the address)
(2), the relevant responsible person to check the content of the website information on a regular basis or from time to time, the implementation of effective monitoring and security supervision work;
(3), shall not use the Internet to produce, copy, access and disseminate a series of the following information, if any violation of the provisions of the relevant departments will be dealt with in accordance with the provisions of;
A, opposed to the basic principles established by the Constitution;
B, endangering national security, disclosure of state secrets, subversion of state power, undermining the unity of the country;
C, damage to the national honor and interests;
D, incitement to ethnic hatred, ethnic discrimination, undermining national unity;
E, undermining national religious policy, promoting cults and feudal superstitions;
F, spreading rumors, disrupting the social order, undermining social stability;
G, spreading obscenity, pornography, gambling, violence, murder, terrorism or abetting crime
H, insulting or slandering others, infringing on the legitimate rights and interests of others;
containing other content prohibited by laws and administrative regulations.
2. Organizational structure:
Setting up a special network administrator, and supervised by his superiors, where the provision or release of information to the international network of sites must be approved by the confidentiality review. Confidentiality approval of the implementation of departmental management, the relevant
Units should be in accordance with national confidentiality laws and regulations, review and approval of the release, adhere to the source of the unnamed does not send, for the approval of the higher authorities do not send, the content of the problem does not send, the three do not send system.
Responsibility system for website management
The managers of the website, as well as the leadership of the clear responsibility of personnel at all levels, management of the normal operation of the website, and strictly grasp the management of the work, the implementation of whoever manages who is responsible.
Three, the user information security management system
One, information security insiders confidentiality management system:
1, the relevant insiders shall not disclose information that needs to be kept confidential;
2, insiders shall not publish, disseminate the contents of the national laws prohibit;
3, information should be published before the relevant personnel audit;
4, the information should be published before the relevant personnel audit;
5, the information should be published in a timely manner;
6, the information should be published in a timely manner. p>
4, the relevant management personnel to set the site management authority, shall not exceed the authority to manage the site information;
5, once the site information security incidents should be immediately reported to the relevant parties and timely coordination of processing;
6, the toxic and harmful information filtering, user information confidentiality.
Two, the landing user information security management system:
1, the landing user information reading and publishing the required set of permissions;
2, members of the member area for the form of information management;
3, the user's behavior on the site for effective monitoring to ensure internal information security;
4, fixed users shall not be disseminated, Publish content prohibited by state law. Measures for the Administration of Internet Information Services", "People's Republic of China Drug Administration Law", "Interim Provisions on the Administration of Internet Pharmaceutical Information Services" and relevant laws and regulations, these measures are formulated. Article 2 These Measures shall apply to Internet pharmaceutical information service activities within the administrative area of Beijing, including those Internet pharmaceutical information service providers outside Beijing that have servers within the administrative area of Beijing. Internet drug information service referred to in these measures, refers to the Internet to provide Internet users with drugs (including medical devices, sanitary materials, pharmaceutical packaging materials) information service activities. Article III Internet drug information service is divided into operational and non-operational two categories. Operational Internet drug information services, refers to the Internet through the Internet to Internet users to publish drug advertisements, paid to provide drug information and other services to bring economic benefits. Non-operational Internet drug information services, refers to the Internet to the Internet users without compensation to provide public, **** enjoyment of drug information services. Article IV of the State Drug Administration of the national Internet site engaged in drug information service activities to implement supervision and management. Beijing Municipal Drug Administration of the Beijing Municipal administrative area of Internet sites engaged in drug information services activities to implement supervision and management. Chapter II Approval Supervision and Administration Section I. Basic Management Article 5 engaged in Internet drug information services, information content shall not contain state regulations for the implementation of special management of drugs and medical devices. Article VI engaged in Internet drug information services, should fill out the State Drug Administration issued a unified "engaged in Internet drug information services application form. Article VII engaged in Internet drug information services website must be open to the drug supervision and management departments can browse online all the columns and content. Article VIII engaged in Internet drug information services, should be marked prominently on the home page of its website Internet drug information service approval number or record number. Article IX published on the Internet drug advertisements (including medical devices) should be strictly in accordance with the provisions of the drug advertisement review and management, drug advertisement review and approval number should be indicated at the same time. Article 10 Beijing Municipal Drug Administration in the receipt of the State Drug Administration written audit results, within 10 days in the form of written documents to notify the applicant. Article XI of the Internet drug information service providers to change one of the following matters, should be 30 days in advance to the original audit authority or the preliminary examination authority to apply for change procedures, fill out the "engaged in Internet drug information service project change application form" (in duplicate), the project change the audit of the matter with the application of the audit requirements. The original audit authorities or preliminary examination authorities agreed to change, reported to the State Drug Administration for the record or audit. (A) the type of service; (B) the Internet drug information service provider unit name, address, legal representative, responsible person, key positions, such as telephone and other basic items; (C) website name, main server address, domain name, IP address, as well as other server addresses, domain names, IP addresses; (D) services (including non-tolled columns, toll columns) and the main content. Article XII Beijing Municipal Drug Administration in accepting changes in business applications within 30 days to make whether to agree to change the preliminary examination of opinions or decisions, and notify the applicant in writing. Agree to change, reported to the State Drug Administration for review or record. Section II of the operating Internet drug information service management Article XIII of the State Drug Administration to engage in the operation of the Internet drug information service audit. Beijing Municipal Drug Administration for the Beijing Municipal Administrative Region to engage in the operation of Internet drug information services for the initial examination. Article XIV engaged in the operation of Internet drug information services, should have the following conditions: (a) the operator of the company or enterprise or public institution established by law; (b) with the development of business activities in line with the funds, professionals, facilities and equipment; (c) have to provide long-term service credibility or ability; (d) business development plans and related technical programs; (e) a sound network and information security measures, including web site security measures, security measures, the Beijing Municipal Drug Administration, the Beijing Municipal Administrative Region to engage in the initial examination of the operation of Internet drug information services. (E) has a sound network and information security measures, including website security measures, information security and confidentiality management system, user information security management system; (F) there are more than two familiar with drug management laws, regulations and pharmaceutical expertise in pharmacy-related professions, with professional and technical titles above the junior level, and by the Beijing Municipal Drug Administration assessment of the recognition of the full-time professionals; engaged in medical device information services, there should be more than one medical device-related professions, bachelor's degree or above, familiar with medical devices Medical device information services, there should be more than one medical device-related professional, bachelor's degree or above, familiar with medical device-related laws and regulations, and by the Beijing Municipal Drug Administration regulations and regulations of the training and assessment of recognized full-time professionals; (7) has a relatively stable source of legitimate drug information, and to ensure that the source of information on drugs is legitimate, true and safe management measures; (8) has the history of the release of information on the ability to carry out back-up and access, and to develop and implement the relevant management system. Article 15 engaged in the operation of Internet drug information services, shall apply to the Beijing Municipal Drug Administration, and submit the following materials: (1) "engaged in Internet drug information services application form", four copies; (2) engaged in the operation of the Internet drug information services, a written application, in duplicate; (3) a copy of the business license (new enterprises to provide the industrial and commercial administrative departments to provide the name of the pre-approval notice and related materials), and the name of the company. (C) a copy of the business license (new enterprises to provide name pre-approval notice issued by the administrative department of industry and commerce and related materials), in duplicate; (D) website domain name registration of the relevant documents, in duplicate; (E) website columns set up to explain (including fees), in duplicate; (F) the website on the history of the release of information for backup and access to the relevant management system and implementation of the description, in duplicate; (VII) website can be browsed online all the columns and contents of supervision and management of the public (viii) organization chart, in duplicate; (ix) legal representatives, personnel appointment of the person in charge of the enterprise, identity certificates, copies of academic certificates and resumes, in duplicate; (x) all personnel registration summary table (including name, date of birth, department, position, education, profession and other basic items), in duplicate; (xi) full-time professional staff identity certificates, (xi) full-time professional identity cards, copies of academic certificates and resumes, in duplicate; (xii) enterprise training program and implementation of the file, in duplicate; (xiii) business address location map, floor plan, in duplicate; (xiv) enterprise business housing ownership certificate or a copy of the lease agreement, in duplicate; (xv) professional instrumentation and equipment, in duplicate; (xvi) basic business description and related materials, in duplicate; (xviii) business and related materials, in duplicate; (xviii) the business and related materials, in duplicate; (xviii) business and related materials, in duplicate. (xvii) business development plan and related technical programs, in duplicate; (xviii) to ensure that the source of drug information is legitimate, true, safe management measures, information and relevant proof, in duplicate; (xix) outside Beijing, the Internet drug information service providers to set up servers in Beijing, should also provide the operator of the relevant documents and materials, in duplicate; (xx) other supplementary materials, in duplicate. (xx) Other supplementary materials in duplicate. Article 16 The Beijing Municipal Drug Administration shall make a decision within 30 days from the date of acceptance as to whether the application for an operational Internet drug information service has passed the preliminary examination. Passed the preliminary examination, by the Beijing Municipal Drug Administration reported to the State Drug Administration for examination and approval; the preliminary examination did not pass, the applicant shall be notified in writing and explain the reasons. State Drug Administration in accordance with the relevant provisions of the Beijing Municipal Drug Administration to submit the application materials for review, and within 30 days to make a decision to agree or disagree. Agree, by the State Drug Administration to notify the Beijing Municipal Drug Administration in writing, by the Beijing Municipal Drug Administration to the applicant issued by the examination of agreed documents; do not agree, should be notified in writing to the Beijing Municipal Drug Administration and explain the reasons for the Beijing Municipal Drug Administration to inform the applicant. Section III non-operational Internet drug information service management Article XVII Beijing Drug Administration to engage in non-operational Internet drug information service audit. State Drug Administration to engage in non-operational Internet drug information services for the record management. Article 18 The non-operating Internet drug information service providers shall not engage in paid services. Article 19 engaged in non-operational Internet drug information services, in addition to should meet the "Internet Information Service Management Measures" requirements, should also have the following conditions: (a) the operator is established by law for the administrative organs or social organizations or companies or enterprises and public institutions; (b) with the development of business activities appropriate sources of funding, professionals, facilities and equipment; (c) more than two understanding of the laws and regulations of drug management and drug expertise, and the State Drug Administration shall not engage in paid services. (C) have more than two understanding of drug management laws, regulations and drug expertise, and by the Beijing Municipal Drug Administration assessment of recognized professionals; engaged in medical device information services, more than one understanding of medical device management laws, regulations and professional knowledge, and by the Beijing Municipal Drug Administration regulations and training and assessment of recognized full-time professionals; (D) to ensure that the source of information on drugs legal and real management measures. Article 20 engaged in non-operational Internet drug information services, shall apply to the Beijing Municipal Drug Administration, and submit the following materials: (a) "engaged in Internet drug information services application form", four copies; (b) engaged in non-operational written application for Internet drug information services, in duplicate; (c) proof of the establishment of the operator or a copy of the enterprise's business license (for new enterprises to provide industrial and commercial), the name of the pre-approval issued by the administrative department. (c) proof of establishment of the operator or a copy of the business license (new enterprises to provide industrial and commercial departments to provide the name pre-approval notice and related materials), in duplicate; (d) website domain name registration of the relevant documents in duplicate; (e) website columns set up to explain, in duplicate; (f) website on the history of the release of information for backup and access to the relevant management system and implementation of the description, in duplicate; (g) website can be viewed online all the columns and contents of supervision and management departments of the public method and operational instructions, in duplicate; (h) website can be browsed online and content of all columns and supervision and management departments (vii) the website can be viewed online all the columns and content of the supervision and management of the public method and operating instructions, in duplicate; (h) organization chart, in duplicate; (ix) legal representative, the person in charge of the enterprise's personnel appointment letter, proof of identity, a copy of the certificate of academic qualifications and curriculum vitae, in duplicate; (j) full-time professionals proof of identity, copy of the certificate of academic qualifications and curriculum vitae, in duplicate; (k) the location of the business address map, a floor plan, in duplicate; (l) the operating (xii) proof of ownership of housing or a copy of the lease agreement, in duplicate; (xiii) the source of funds for the operation of the site documents, in duplicate; (xiv) summary of professional equipment, in duplicate; (xv) the basic business description and related materials, in duplicate; (xvi) to ensure that the source of information on medicines, legal and real management measures, information and relevant proof, in duplicate; (xvii) Outside Beijing, the Internet drug information service providers to set up servers in Beijing, should also provide the operator of the relevant documents and materials, in duplicate; (xviii) other supplementary materials, in duplicate. Article 21 Beijing Municipal Drug Administration in accordance with the relevant provisions of the application for non-operational Internet drug information service units to submit materials for review, and within 30 days to make a decision to agree or disagree. Agree, by the Beijing Municipal Drug Administration issued a document of examination and approval, and at the same time reported to the State Drug Administration for the record; does not agree, it shall notify the applicant in writing and explain the reasons. Chapter III Penalties Article 22 Internet drug information service providers in violation of these measures, one of the following circumstances, by the State Drug Administration or the Beijing Municipal Drug Administration to give a warning, and ordered to make corrections within a specified period of time; has been qualified to engage in Internet drug information services, the circumstances are serious, revoke its qualification to engage in Internet drug information services, and consult the information industry department in charge of the relevant departments in accordance with the provisions of the relevant laws and regulations. Relevant laws and regulations shall be punished: (a) without obtaining the State Drug Administration or provinces, autonomous regions, municipalities directly under the Central Drug Administration audit consent, unauthorized engagement in Internet drug information services; (b) non-operational Internet drug information service providers to provide paid Internet drug information services; (c) has obtained the State Drug Administration or provinces, autonomous regions, municipalities directly under the Central Drug Administration audit consent, but more than the audit consent. (C) has obtained the approval of the State Drug Administration or province, autonomous region, municipality directly under the Central Municipality Drug Administration audit, but beyond the scope of the audit consent to provide mutual (D) to provide untrue Internet drug information and cause social impact; Article 23 The Internet drug information service providers in their business activities, in violation of other laws and regulations relating to drugs, by the State Drug Administration or the Beijing Municipal Drug Administration in accordance with the provisions of the relevant laws and regulations of the penalties. Chapter IV Supplementary Provisions Article 24 The following terms of this approach is the meaning of: This approach is referred to as "day", unless otherwise specified are natural days. Operational Internet drug information services, usually with paid information columns, drug advertisements and other paid services. Non-operational Internet drug information services, usually for the government Internet project, enterprises and institutions of public interest-type website, the enterprise's own business promotion website. Pharmacy-related professions, referring to a variety of pharmacy, medicine, chemistry, biology. Medical device-related professions, refers to science and technology-related professions. Article 25 engaged in Internet drug information services, to provide online drug trading services, should be in accordance with the relevant provisions of a separate special application to the State Drug Administration. Article 26 These measures are engaged in Internet drug information services before the announcement, should be published in these measures within 20 working days from the date of publication, in accordance with the provisions of the supplementary audit procedures. Article 27 These Measures by the Beijing Municipal Drug Administration is responsible for the interpretation. Article 28 These measures shall be implemented on a trial basis from the date of publication.