China Cyber Security Law Grade Protection System Certification Support
About China Cybersecurity Law Level Protection System (MLPS)
China Cybersecurity Law Multi Level Protection Scheme (MLPS) is an important regulatory scheme introduced by the Chinese government to strengthen information security management, and is a key regulatory scheme for all companies and organizations to ensure the security of their information systems. This is the framework. The government mandates that information systems be classified into five levels based on their importance and risk, and security measures must be taken according to each level.
By undergoing a third-party evaluation of Grade Protection, companies and organizations can obtain certification based on the results. In addition, by appropriately protecting your company's systems and information assets from cyber attacks and information leaks, you can prove to your customers and business partners that you meet the requirements for grade protection.
Class protection level definition
| grade protection level | overview | Impact on citizens, businesses and corporations | Impact on society and public interest | National security impact | Examples of target industries, industries, and systems |
| First class (self-protection) |
A system that does not have a significant impact on the nation or society even if information leaks occur | Less than general damage | - | - | ・Personal site (personal blog, etc.) |
| Level 2 (Guidance and Protection) |
Systems where information leaks may have a certain social and economic impact | severe damage | General damage | - | ・Company and corporate homepages ・Education-related sites |
| Third class (supervision and protection) |
Systems where information leaks may have a serious impact on the stability of the nation or society | - | severe damage | General damage | ・EC sites ・Homepages of major companies ・Financial institutions (other than banks) |
| Class 4 (forced protection) |
Systems that are important infrastructure for the nation and society and require the highest level of security | - | severe damage | severe damage | ・Banks , communications , transportation , power plants |
| Class 5 (control protection) |
Systems that are important infrastructure for the nation and society and require the highest level of security | - | - | very severe damage | ・Government /national defense and military related matters |
*Japanese companies and overseas corporations operating in China are eligible for the above-mentioned "Second Class (Guidance and Protection)" or "Third Class (Supervision and Protection)" grade protection certification.
Information security subject to review
| Security items | overview |
| IT infrastructure | Security of servers and network configurations (system redundancy, introduction of security products, etc.) *In the case of public clouds, the introduction of cloud security products is also subject to review. |
| security operations | Security for daily operations such as data backup and password management |
| application | Security of user information and personal information management in application design |
| Steps to grade protection certification | ||||
| ① Level certification | ② Report to the government | ③ Improvement | ④ Examination by a third-party organization | ⑤ Acquisition of certification (annual external audit) |
About China Cyber Security Law Grade Protection System Certification Support
China's Cybersecurity Law requires information system personnel in China to protect, manage, and maintain the information security of systems and applications.
Beyond's "China Cybersecurity Law Grade Protection System Certification Support" provides security compliance consulting and system construction support based on the grade protection scheme required by companies and organizations in China.
● The service will be provided by "Beyoutoku Technology (Shenzhen) Co., Ltd."
BEYOND's local subsidiary in China (wholly owned subsidiary), `` Yeyou Technology (Shenzhen) Co., Ltd. '' will provide corporate contracts in China, payments in Renminbi (RMB), and technical support in Japanese, Chinese, and English. We also support.
Support from information security professionals
- Want to comply with regulations and standards related to China's Cyber Security Law.
- Want to manage all information assets that have large-scale and complex business processes.
・There is a shortage of personnel with specialized knowledge, so we would like to outsource the work.
- I want to appropriately assess risks to information assets and take effective countermeasures.
- We want to raise awareness of information security and maintain a process of continuous improvement.
- I would like support for software and hardware management and operation.
- We would like to conduct regular internal audits and find points for improvement.
- You want to develop response procedures and recovery plans in the event an incident occurs.
・In the first place, there is no one in the company who is familiar with the system. ...etc.
China Cyber Security Law Grade Protection System Certification Support Contents
We will listen to your information security issues and concerns and provide you with the optimal support plan for you.
In addition, after the grade protection certification is completed, we provide technical support such as cloud/server construction, operation and maintenance for more effective security management and operation of systems and applications. If you have any questions or concerns regarding information security management issues or improvements, please feel free to contact us.
● China Cloud / Server construction, operation and maintenance
| Support items | Support overview | Main support items |
| ① Consulting and advice for security improvement | Cloud technology and information security management professionals will listen to your security status and support you from system operation improvement planning to implementation. | ・Analysis and selection of system certification level ・Investigation of system security status ・Development of improvement plans ・Support for improvement implementation |
| ② Support for grade protection certification | Submit various materials required for grade protection certification and conduct grade protection certification examination by Chinese partner company. | ・Create and submit various materials Receive examination and examination results from an external third-party organization・Implement improvement activities (if there are any indications or deficiencies) |
| ③ Annual review support | At each annual renewal, we support the renewal of grade protection certification by conducting an examination by an external third-party organization. | ・Create and submit various materials Receive examination and examination results from an external third-party organization・Implement improvement activities (if there are any indications or deficiencies) |
*This support service supports Japanese and Chinese.
*If you have any requests for support other than those listed above, please contact us separately.
Supplementary information about this service
〇 The “Chinese Cybersecurity Law Grade Protection System Certification Support” provided by Beyond is a direct contract with the customer who actually installs and uses the service.
Our company, Beyond, does not accept projects that involve secondary contracting (secondary contracting) or any other commercial distribution or position. Thank you for your understanding.
