China Cybersecurity Law Grade Protection System Certification Support
China's Cybersecurity Law: MLPS (Multi-Level Protection System)
The China Cybersecurity Law's Multi-Level Protection Scheme (MLPS) is an important regulatory scheme introduced by the Chinese government to strengthen information security management, providing a framework for all companies and organizations to ensure the security of their information systems. The government classifies information systems into five levels based on their importance and risk, and requires that security measures be implemented according to each level
By undergoing a third-party assessment of their protection level, companies and organizations can obtain certification based on the results. In addition, by properly protecting their systems and information assets from cyber attacks and information leaks, they can prove to their customers and business partners that they meet the protection level requirements
Class protection level definition
| Level of Class Protection | overview | Impact on citizens, businesses and corporations | Impact on society and public interest | National security impact | Examples of target industries, business types, and systems |
| First class (self-protection) |
A system that will not have a serious impact on the nation or society even if an information leak occurs | Less than general damage | - | - | ・Personal websites (personal blogs, etc.) |
| Level 2 (Guidance and Protection) |
Systems in which information leakage could have a certain social and economic impact | Severe damage | General damage | - | • Corporate and organizational websites • Educational websites |
| Third class (supervision and protection) |
Systems in which information leakage could have a significant impact on the stability of the nation or society | - | Severe damage | General damage | • E-commerce sites • Homepages of major companies • Financial institutions (other than banks) |
| Class 4 (forced protection) |
Systems that are important infrastructure for the nation and society and require the highest level of security | - | Severe damage | Severe damage | Banking, telecommunications , transportation , and power plants. |
| Grade 5 (Control and Protection) |
Systems that are important infrastructure for the nation and society and require the highest level of security | - | - | Very severe damage | - Government , national defense, and military-related |
*Japanese companies and overseas corporations expanding into China are eligible for the above-mentioned "Level 2 (Guidance and Protection)" or "Level 3 (Supervision and Protection)" level protection certification
Information security subject to review
| Security Items | overview |
| IT infrastructure | Security of servers and network configurations (system redundancy, implementation of security products, etc.) *In the case of public clouds, the implementation of cloud security products will also be subject to review. |
| Security Operations | Security for daily operations such as data backup and password management |
| application | Security of user information and personal information management in application design |
| Steps to certification of grade protection | ||||
| ① Level Certification | ② Report to the government | ③ Improvement | ④ Review by a third-party organization | ⑤ Certification (annual external audit) |
China Cybersecurity Law Grade Protection System Certification Support
The Chinese Cybersecurity Law requires information systems personnel within China to manage and maintain the information security of their systems
Beyond's "China Cybersecurity Law Graded Protection System Certification Support" helps companies and organizations in China build security compliance systems based on the required graded protection scheme
● Services will be provided by "Beyond Technology (Shenzhen) Co., Ltd."
Beyond's Chinese subsidiary (wholly owned subsidiary), "Beyond Technology (Shenzhen) Co., Ltd.", will handle corporate contracts in China, payments in Chinese Yuan (RMB), and technical support in Japanese, Chinese, and English.
Do you have any of these concerns or cases? Please contact us first!
- We want to comply with the regulations and standards of China's Cybersecurity Law.
- We want to manage all information assets, including those with large and complex business processes.
- We lack personnel with specialized knowledge, so we want to outsource.
- We want to properly assess the risks to our information assets and take effective countermeasures.
- We want to raise awareness of information security and maintain a continuous improvement process. -
We need support for the management and operation of software and hardware.
- We want to conduct regular internal audits and identify areas for improvement.
- We want to establish procedures for responding to incidents and recovery plans.
- We don't have anyone in-house who is knowledgeable about systems. ...etc.
Main contents of the support
We will listen to your information security issues and concerns and provide you with the best support plan for you
Furthermore, after the certification of your security level is complete, we provide technical support such as cloud construction, operation, and maintenance to ensure more stable system management and operation. Please feel free to contact us if you have any questions or concerns regarding information security challenges or improvements
● Cloud infrastructure construction, operation, and maintenance in China
| Support items | Support Overview | Main support items |
| ① Support for improving security systems | Cloud technology and information security management professionals will listen to your security status and provide support from planning to implementing improvements to your system operations | - Analysis and selection of system authentication levels - Investigation of system security status - Development of improvement plans - Support for improvement implementation |
| ② Support for grade protection certification | Submit all necessary documents for grade protection certification, and have your Chinese partner company conduct a grade protection certification review | - Prepare and submit various documents - Obtain review from an external third-party organization - Receive the review results - Implement improvement activities (if there are any issues or deficiencies) |
| ③ Annual review support | We support the renewal of grade protection certification by conducting an external third-party audit at each annual renewal | - Prepare and submit various documents - Obtain review from an external third-party organization - Receive the review results - Implement improvement activities (if there are any issues or deficiencies) |
* Support services are available in Japanese and Chinese.
* For any requests other than those listed above, please contact us separately.
Supplementary information for this service
〇 The "China Cybersecurity Law Classification Protection System Certification Support" provided by Beyond is a direct contract with the customer who actually implements and uses the service
Please note that Beyond does not accept projects that involve a secondary contract or position beyond that
