China: National Information Security Standardisation Technical Committee adopted guidelines on service capability requirements for professional institutions of personal information protection compliance audits

Description

On 26 May 2025, the National Network Security Standardisation Technical Committee (TC260) adopted the cybersecurity standard practice guidelines on service capability requirements for professional institutions of personal information protection compliance audits. The guidelines are addressed to both auditors and auditees: they aim to assist auditors by providing a framework for developing compliance audit services and to support auditees in selecting a qualified auditor. They detail requirements in 5 aspects of an organisation that auditors should meet before conducting audits of compliance with national data security laws and regulations. The 5 aspects are basic conditions, management capabilities, professional capabilities, personnel capabilities, and venue and equipment resource capabilities.

Scope

Policy Area: Data governance
Policy Instrument: Data protection regulation
Regulated Economic Activity: other service provider
Implementation Level: national
Government Branch: executive
Government Body: central government

Complete timeline of this policy change

2025-03-04
in consultation

On 4 March 2025, the National Network Security Standardisation Technical Committee (TC260) opened a…

2025-03-17
processing consultation

On 17 March 2025, the National Network Security Standardisation Technical Committee (TC260) closes …

2025-05-26
adopted

On 26 May 2025, the National Network Security Standardisation Technical Committee (TC260) adopted t…