
YonBIP V3.0R6_2407_1FlagshipPrivateCloudUserManual-CloudPlatform-DefenseIndustryCloud.docx

Copyright © 2024 Yonyou Group. All Rights Reserved.

Without the written permission of Yonyou Group, no part of this user manual may be copied, reproduced, translated, or reduced for any purpose. The content of this user manual may change without notice, please stay informed.

Please note: The content of this user manual does not represent a commitment made by Yonyou Network.

Overview

Product Overview

YonBIP National Defense Industrial Cloud upholds the spirit of innovation, committed to promoting the digital transformation process in the field of defense technology through the deep integration of cutting-edge technology and advanced architecture. The software products, professional plugins, and basic services we provide to our clients are deeply integrated with military industry characteristics to meet the diverse needs of defense industrial clients. The core highlights of this release version are the platform compliance components and defense-specific service functions, aimed at further strengthening the security defense line of national defense information systems.

The platform compliance component, as one of the core components of this release iteration, integrates two major functional modules: three-person management and confidentiality service. This component is built on the YonBIP platform and strictly adheres to the guiding principles of national confidentiality laws and regulations, specifically designed for confidential information systems, providing comprehensive and high-standard security compliance basic services. Through a refined three-person management mechanism and a strict confidentiality service control process, it effectively addresses the core challenges of confidential information systems in areas such as access management and information confidentiality, ensuring absolute security and compliance in system operations.

The defense characteristic service product, as a deep extension and business enhancement of YonBIP's human resource cloud general service capabilities, is specifically tailored for military enterprises. It provides highly scenario-based management capabilities to comprehensively support military enterprises in building an efficient and compliant human resource service system. The confidential personnel management module focuses on the core aspects of confidentiality work in military enterprises, implementing strict management processes. From the onboarding and job change to the departure of confidential personnel, each step is closely related to confidentiality requirements, covering key business scenarios such as qualification review and signing of confidentiality commitment letters. At the same time, confidential personnel must undergo regular qualification reviews to ensure they continue to meet confidentiality requirements. During the job change process, detailed qualification reviews, confidentiality education, and signing of confidentiality responsibility letters are implemented based on changes in job confidentiality levels. When confidential personnel leave or transfer to non-confidential positions, a series of stringent measures are executed, including confidentiality reminder discussions, signing of confidentiality commitment letters, and declassification period management, to ensure the continuity and effectiveness of information confidentiality. For confidential personnel who may enter other units after leaving, declassification period entrusted management is also implemented to comprehensively safeguard the information security and confidentiality work of military enterprises.

Note: Before using the platform compliance component manual, please refer to the permission management related manual first.

The management object of confidential personnel management is the individuals holding confidential positions within the organization. It is an important part of the full lifecycle management of confidential personnel and is the core component of confidentiality management in the human resources domain for national defense and military enterprises.

Confidential Personnel Management covers the entire confidentiality management work of employees during the pre-employment, on-the-job, job transfer, and offboarding stages. This includes qualification review of confidential personnel, regular re-evaluations, determination of confidentiality levels, confidentiality commitment letters, confidentiality reminder discussions, reporting of significant matters, declassification of confidential personnel, and management of declassification periods. The classification, level change, and declassification scenarios of confidential personnel management are closely related to employee position changes and are tightly integrated with personnel assignment business.

Product Value

Product Value of the Platform Compliance Component

The platform compliance component, as a core highlight of this release, deeply integrates the two key functional modules of personnel management and confidentiality services, specifically designed to enhance the security compliance of classified information systems, meeting the graded protection management requirements for classified information systems.

In the "Three Roles" architecture of confidential information systems (System Administrator, Security and Confidentiality Administrator, and Security Auditor), each role has its own responsibilities: system operation and maintenance, execution of security and confidentiality policies, and security audit supervision, respectively. During the initial deployment, professional implementation personnel are responsible for creating and configuring the accounts for these three roles. At the same time, the system comes pre-installed with a compliance permission set that adheres to the principle of least privilege, ensuring an initial security baseline for system operation. Under the premise of meeting regulations and internal security policies, the system supports adjustments to the permission scope of the three roles to accommodate different business scenarios and security needs. Through an advanced administrator authorization mechanism, the system achieves hierarchical and refined control over key elements such as users, roles, permissions, and audit logs, ensuring that permission allocation is reasonable and traceable, thereby constructing a clear and orderly security management framework for the organization.

In addition, the three-person management system also includes an intelligent monitoring feature for log storage space, capable of real-time monitoring and early warning of the usage of log storage space, preventing the loss of log data due to insufficient space and ensuring the continuity and integrity of audit work. At the same time, it provides a dedicated workspace for the three roles, offering an intuitive and convenient interface to help them efficiently fulfill their responsibilities, further enhancing the security management and compliance level of sensitive information systems.

The confidentiality service strictly follows the principle of graded protection for sensitive information systems, accurately dividing security management levels to ensure the rigor of information confidentiality management. This service is inclusive and not only supports the strict management model of national secrets but also flexibly applies to the control of commercial secrets, meeting diverse security needs.

The confidentiality service provides comprehensive confidentiality setting functions, covering multiple dimensions such as systems, business modules, organizations, users, and business data, achieving refined confidentiality classification and configuration. Through a dual control strategy of service confidentiality (tenant level/organization level) and user confidentiality, it effectively defines and restricts the access range of business data information. Based on the user's confidentiality authorization, it intelligently regulates the visible boundaries of business data, strictly preventing high-confidentiality information from flowing to lower confidentiality levels, and eliminating any potential risk of data leakage. This control strategy comprehensively covers all aspects of sensitive data processing, including but not limited to list queries, approval permission filtering, data detail access, message notifications, data import and export verification, attachment upload and download identification, attachment encryption, and the linkage of business data and attachment confidentiality levels, thereby constructing an unbreakable data security defense line.

Confidential Personnel Management Product Value

[Figure: image_2.png]

Application Scenarios

Overall Scenario of Three-Person Management

Business Description

The three-person management system implements the mutual supervision and mutual restriction functions required for confidential information systems. It isolates the authority management content of the three roles from that of the business roles. It also achieves hierarchical control of authority management by organization and by field. It supports presetting the initial three-role users for tenants. Advanced parameter settings for three-person management are available.

The system administrator creates and maintains user and role information. The security confidentiality administrator is responsible for uniformly assigning roles to users, assigning functional permissions to roles, conducting authorization control, performing audits, and monitoring thresholds. The security confidentiality administrator audits the logs of ordinary users and security auditors, while the security auditors audit the operational processes of system administrators and security confidentiality administrators within the system. At the same time, the system can achieve hierarchical control among confidential units from the group to institutions to subsidiaries.

[Figure: image_3.png]

Strengthen the separation of powers to achieve checks and balances and supervision: This version deeply implements the principle of separation of powers, ensuring through system architecture design that the system administrator, security confidentiality administrator, and security auditor (the three roles) form a relationship of mutual supervision and mutual restraint, effectively preventing internal risks and enhancing the overall security of the system.

Follow the classification protection standards to achieve security audit supervision: Fully support real-time and comprehensive security audit supervision of system operations in accordance with the strict requirements of classified protection, ensuring that all operational behaviors comply with security regulations and safeguarding information security.

Flexible user rules support hierarchical log auditing: Introduce an authorization mechanism that allows for the establishment of auditing strategies based on actual needs, enabling hierarchical and refined auditing of logs. This feature not only enhances auditing efficiency but also ensures the accuracy and traceability of auditing data.

Exclusive workbench for the three roles, optimizing management processes: A dedicated management workbench designed specifically for the three roles, aimed at simplifying management processes and enhancing work efficiency. The three roles can efficiently perform their duties on this platform, achieving key operations such as permission allocation, log review, and security policy adjustments.

Improve log recording and enhance the transparency of three-person management: The log recording function for three-person management has been comprehensively optimized and improved, ensuring that every operation of the three roles is thoroughly documented. This not only facilitates subsequent audits and accountability but also greatly enhances the transparency and credibility of the three-person management work.

Added management configur...
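
The duty split and audit relationships given under Business Description, as an added Python example (not Yonyou code; the role names, action names and log fields are assumptions): it checks that no role audits itself and none goes unaudited, routes constructed log entries to the reviewing role, and flags management actions performed outside the actor's duties.

```python
# Added illustration: role, action and field names are assumptions, not YonBIP identifiers.
from collections import defaultdict

# Management duties per role, as the manual assigns them.
DUTIES = {
    "system_admin": {"create_user", "update_user", "create_role", "update_role"},
    "security_admin": {"assign_role", "grant_permission"},
    "security_auditor": set(),
    "ordinary_user": set(),
}
# Which roles' log entries each reviewing role audits.
AUDITS = {
    "security_admin": {"ordinary_user", "security_auditor"},
    "security_auditor": {"system_admin", "security_admin"},
}

def check_matrix(audits=AUDITS, roles=DUTIES):
    """Return problems: a role that audits itself, or a role nobody audits."""
    problems = [f"{r} audits itself" for r, seen in audits.items() if r in seen]
    covered = set().union(*audits.values())
    problems += [f"{r} is unaudited" for r in sorted(roles) if r not in covered]
    return problems

def reviewer_for(actor_role):
    """Role that reviews log entries produced by actor_role."""
    return next(r for r, seen in AUDITS.items() if actor_role in seen)

def triage(entries):
    """Queue each entry for its reviewer; flag management actions outside the actor's duties."""
    queues, violations = defaultdict(list), []
    managed = set().union(*DUTIES.values())
    for e in entries:
        queues[reviewer_for(e["role"])].append(e)
        if e["action"] in managed and e["action"] not in DUTIES[e["role"]]:
            violations.append(e)
    return dict(queues), violations

# Constructed sample log entries.
SAMPLE = [
    {"user": "sysadm01", "role": "system_admin", "action": "create_user"},
    {"user": "sysadm01", "role": "system_admin", "action": "assign_role"},
    {"user": "secadm01", "role": "security_admin", "action": "grant_permission"},
    {"user": "audit01", "role": "security_auditor", "action": "export_log"},
    {"user": "zhang", "role": "ordinary_user", "action": "view_document"},
]

if __name__ == "__main__":
    print(check_matrix(), *triage(SAMPLE), sep="\n")
```

In the sample, the system administrator's `assign_role` entry is flagged because role assignment belongs to the security confidentiality administrator, and the entry lands in the security auditor's queue.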
