China Cybersecurity Law Grade Protection System Certification Support
China's Cybersecurity Law: MLPS (Multi-Level Protection System)
The China Cybersecurity Law's Multi-Level Protection Scheme (MLPS) is an important regulatory scheme introduced by the Chinese government to strengthen information security management, providing a framework for all companies and organizations to ensure the security of their information systems. The government classifies information systems into five levels based on their importance and risk, and requires that security measures be implemented according to each level
By undergoing a third-party assessment of their protection level, companies and organizations can obtain certification based on the results. In addition, by properly protecting their systems and information assets from cyber attacks and information leaks, they can prove to their customers and business partners that they meet the protection level requirements
Class protection level definition
| Level of Class Protection | overview | Impact on citizens, businesses and corporations | Impact on society and public interest | National security impact | Examples of target industries, business types, and systems |
| First class (self-protection) |
A system that will not have a serious impact on the nation or society even if an information leak occurs | Less than general damage | - | - | ・Personal websites (personal blogs, etc.) |
| Level 2 (Guidance and Protection) |
Systems in which information leakage could have a certain social and economic impact | Severe damage | General damage | - | ・Company and corporate homepages ・Education-related sites |
| Third class (supervision and protection) |
Systems in which information leakage could have a significant impact on the stability of the nation or society | - | Severe damage | General damage | ・EC sites ・Major company websites ・Financial institutions (other than banks) |
| Class 4 (forced protection) |
Systems that are important infrastructure for the nation and society and require the highest level of security | - | Severe damage | Severe damage | ・Banking ・Communications ・Transportation ・Power plants |
| Class 5 (control protection) |
Systems that are important infrastructure for the nation and society and require the highest level of security | - | - | Very severe damage | ・Government , defense and military related |
*Japanese companies and overseas corporations expanding into China are eligible for the above-mentioned "Level 2 (Guidance and Protection)" or "Level 3 (Supervision and Protection)" level protection certification
Information security subject to review
| Security Items | overview |
| IT infrastructure | Security of servers and network configurations (system redundancy, introduction of security products, etc.) * In the case of public clouds, the introduction of cloud security products is also subject to review. |
| Security Operations | Security for daily operations such as data backup and password management |
| application | Security of user information and personal information management in application design |
| Steps to certification of grade protection | ||||
| ① Level Certification | ② Report to the government | ③ Improvement | ④ Review by a third-party organization | ⑤ Certification (annual external audit) |
China Cybersecurity Law Grade Protection System Certification Support
China's Cybersecurity Law requires information system personnel in China to protect, manage, and maintain the information security of systems and applications
Beyond's "China Cybersecurity Law Classification Protection System Certification Support" provides security compliance consulting and system construction support based on the classification protection scheme required for companies and organizations in China
● The service will be provided by "Beyoutoku Technology (Shenzhen) Co., Ltd."
BEYOND's local subsidiary in China (wholly owned subsidiary), `` Yeyou Technology (Shenzhen) Co., Ltd. '' will provide corporate contracts in China, payments in Renminbi (RMB), and technical support in Japanese, Chinese, and English. We also support.
Support from information security professionals
- We want to comply with regulations and standards related to China's Cybersecurity Law.
- We want to manage all information assets, which have large-scale and complex business processes.
- We lack personnel with specialized knowledge, so we want to outsource.
- We want to properly assess the risks to information assets and take effective measures.
- We want to raise awareness of information security and maintain a process of continuous improvement. -
We need support with the management and operation of software and hardware. - We
want to conduct regular internal audits and identify areas for improvement.
- We want to establish response procedures and recovery plans in the event of an incident.
- To begin with, there is no one in our company who is knowledgeable about systems. ...etc.
China Cybersecurity Law Grade Protection System Certification Support Contents
We will listen to your information security issues and concerns and provide you with the best support plan for you
In addition, after the certification of grade protection is completed, we provide technical support such as cloud/server construction, operation and maintenance to manage and operate the security of systems and applications more effectively. Please feel free to contact us if you have any questions about issues or improvements in information security management
● China Cloud / Server construction, operation and maintenance
| Support items | Support Overview | Main support items |
| 1. Consulting and advice on security improvements | Cloud technology and information security management professionals will listen to your security status and provide support from planning to implementing improvements to your system operations | ・Analysis and selection of system authentication levels ・Investigation of system security status ・Formulation of improvement plans ・Support for improvement implementation |
| ② Support for grade protection certification | Submit all necessary documents for grade protection certification, and have your Chinese partner company conduct a grade protection certification review | ・Prepare and submit various documents Receive the review results from an external third-party organization・Implement improvement activities (if any issues or deficiencies are found) |
| ③ Annual review support | We support the renewal of grade protection certification by conducting an external third-party audit at each annual renewal | ・Prepare and submit various documents Receive the review results from an external third-party organization・Implement improvement activities (if any issues or deficiencies are found) |
*This is a support service available in Japanese and Chinese.
*If you have any requests for support content other than those listed above, please contact us separately.
Supplementary information about this service
〇 The "China Cybersecurity Law Classification Protection System Certification Support" provided by Beyond is a direct contract with the customer who actually implements and uses the service
Our company, Beyond, does not accept projects that involve secondary contracting (secondary contracting) or any other commercial distribution or position. Thank you for your understanding.
