Data has increasingly become a significant element of production to support economic development and the core asset of businesses in recent years as the digital economy of China has grown.
Data security is a requirement for enterprise data elements and is highly appreciated by businesses across industries. This aims to boost the new economic development drive, extend the digital economy, and create new competitive advantages on a national level.
The development of enterprise data security capabilities is a key focus for the China Academy of Information and Communications Technology (CAICT), which in November 2021 initiated a national-level certification project for Data Security Management Capabilities (DSMC) for the whole sector.
More than 120 businesses have completed the audit and certification work thus far, representing 70 different industries.
In-depth study and discussions with businesses revealed to CAICT that new methods of data leakage have evolved, and enterprise data security work is facing several new issues because of the growth of data security management capacity certification work.
This is because the enterprise’s data security technical capabilities are insufficient, resulting in uneven data security work, and it is impossible to determine whether the enterprise’s own technical capabilities meet business risks in terms of data classification and protection, API interface security control, and data leakage prevention, among others.
CAICT has actively conducted research, enriched the data security certification system based on the previous DSMC, and conducted related work on Data Security Technology Capability Certification (DSTC) to effectively assist enterprises in overcoming the challenges of data security technology work.
DSTC certification will be effectively linked to DSMC certification, with a focus on indicators relating to enterprise technical capabilities, such as data assets and data identification, authority management and operation specifications, data leakage prevention and traceability, sensitive data protection, business flow risk monitoring, and sensitive operation discovery.
Consider some technology-related management capabilities requirements, such as organisational structure and personnel protection, management and control of data use, partner organisation, and self-evaluation of data security work.
Together, the DSTC and the already-launched DSMC will comprise a comprehensive data security certification system for enterprises, facilitating the development of high-quality data security capabilities across industries.
The DSTC is now officially accepting business registrations, and the first group of companies to pass the certification will receive a data security technology capability certificate. National Certification and Accreditation Administration’s official website contains pertinent certification results.
Certification of data security technology in China is crucial because it ensures that organisations have implemented robust data security measures to protect sensitive information. This is especially important in a time of rising cyber threats and data intrusions.
Certification demonstrates a company’s commitment to data security and inspires confidence among consumers, partners, and other stakeholders. It improves the company’s reputation and provides a market advantage.
In addition, a reputable data security certification programme in China can facilitate international collaboration and partnerships by ensuring that organisations adhere to global data security standards. It facilitates data exchanges and encourages cross-border data transfers.
Also, certification programmes promote industry-wide best practices and data security standards. They promote continual improvement and innovation in data protection methods across industries, resulting in a safer and more secure digital environment. It ensures that consumers’ data is managed safely, encouraging them to continue engaging with businesses and digital services.