China: National Cybersecurity Standardisation Technical Committee closes consultation on requirements for audit and certification bodies for cybersecurity technology information security management system

On 19 May 2025, China's National Cybersecurity Standardisation Technical Committee (TC 260) closes its consultation on the standard on requirements for audit and certification bodies for cybersecurity technology information security management system. The standard applies to certification bodies auditing and certifying Information Security Management Systems, setting requirements to ensure competence, consistency, and impartiality. The standard introduces new definitions, revised competency criteria for auditors and technical experts, updated provisions for remote audits, adjusted audit duration calculations, and changes to certification documentation rules. The standard also aligns with China’s cybersecurity framework by modifying references and terminology.