On 15 April 2024, the National Network Security Standardization Technical Committee (TC260) published and opened a public consultation on the draft standard on data security technology security requirements for government data processing until 14 June 2024. The draft standard outlines guidelines for government data processing security, including technical requirements, personal information protection, and assessment methods. It establishes a framework for secure data handling, covering aspects such as organisation, systems, and third-party services. Additionally, it provides operational and supervisory requirements to ensure compliance and effectiveness. In regard to the obligations of the third parties entrusted to government data processing, the draft specifies that they have to comply with legal and contractual requirements regarding government data handling. They should establish organisational security measures, with the entrusting party overseeing security. Additionally, they must manage personnel security, including background checks and training, and provide regular feedback to enhance security measures based on assessments.
Original source