# CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

## Repository Overview

This repository contains security operation manuals and compliance documentation for the Suzhou Education E-Card platform, implementing China's Multi-Level Protection Scheme (MLPS) Level 3 requirements.

### Key Documents

- **苏州教育E卡通数据安全运维操作手册.md** - Main operational manual with 5-tier risk classification system, role-based access control, and MLPS Level 3 compliance measures
- **ff.md** - Original formal compliance document with theoretical security framework

### Architecture Focus

The operational manual implements a **5-tier risk classification system**:

1. **Level 1 Operations** (Critical Management Operations)
   - Special sensitive data modifications (ID cards, names, student numbers)
   - System core configuration changes
   - Security policy modifications
   - MLPS Level 3 required: 2FA + screen recording + dual-person execution + complete audit trail

2. **Level 2 Operations** (Important Data Modifications)
   - Secondary sensitive data modifications
   - MLPS Level 3 required: 2FA + approval + backup + audit logging

3. **Level 3 Operations** (General Permission Operations)
   - New student registration, account creation
   - MLPS Level 3 required: 2FA for critical actions + approval + session management

4. **Level 4 Operations** (Data Query Operations)
   - Information queries, report generation
   - MLPS Level 3 required: Access control + query audit + data masking

5. **Level 5 Operations** (Read-only Operations)
   - Public information viewing, help documentation
   - MLPS Level 3 required: Basic authentication + session management

### Technical Implementation

- **Field-level Access Control**: Row-level security policies with role-based data masking
- **MLPS Level 3 Authentication**: Multi-factor authentication with specific application scenarios
- **Audit Trail Integrity**: Digital signatures, SHA256 hashing, WORM storage
- **Data Integrity Protection**: Transmission validation, storage constraints, automated integrity checks

## Development Context

This is a **documentation-only repository** focused on security compliance and operational procedures rather than application code development. The main work involves:

- Updating security operation manuals based on regulatory requirements
- Implementing MLPS Level 3 compliance measures
- Creating audit and monitoring procedures
- Defining role-based access control matrices

## Common Development Tasks

Since this is primarily a documentation repository, common tasks include:

1. **Manual Updates**: Revise operational procedures based on new MLPS requirements
2. **Compliance Reviews**: Audit existing procedures against MLPS Level 3 standards
3. **Template Creation**: Develop new operation forms and checklists
4. **Policy Documentation**: Write technical implementation guidelines for security measures

## Review Guidelines

When updating documentation:

1. **MLPS Level 3 Compliance**: Ensure all procedures align with China's Multi-Level Protection Scheme requirements
2. **Practical Implementation**: Focus on operational feasibility rather than theoretical security
3. **Role Separation**: Maintain clear separation between operations, audit, and technical roles
4. **Audit Completeness**: Ensure all security controls have corresponding audit procedures

## File Structure

```
/
├── 苏州教育E卡通数据安全运维操作手册.md    # Main operational manual
├── ff.md                                  # Original formal compliance document
└── CLAUDE.md                              # This file
```

## Important Notes

- This repository handles **sensitive student data** - always follow MLPS Level 3 requirements
- The operational manual implements **practical security measures** rather than theoretical frameworks
- All procedures should maintain **separation of duties** between operational roles
- Documentation should be **actionable** and suitable for immediate implementation