Comments sought on information security measurement and evaluation specification of apps

On 19 April 2021 the National Information Security Standardisation Technical Committee issued the Information Security Technology – Personal Information Security Measurement and Evaluation Specification in Mobile Internet Applications (Draft for Comment) to solicit public comments by 18 June 2021. The draft for comment sets out implementation processes for carrying out the measurement and evaluation of personal information security in mobile apps in accordance with the Information Security Technology – Personal Information Security Specification, as well as methods to conduct the measurement and evaluation which correspond to various security requirements. It therefore offers guidance to third-party agencies which carry out the measurement and evaluation of personal information security in apps. According to the draft for comment, such measurement and evaluation will centre on apps, app servers and relevant technical documents, among others, and will cover the preparation, implementation, result determination and reporting stages.

The draft for comment details the requirements set out by the specification. App operators may follow these requirements and use the methods described in the draft for comment to assess whether apps comply with the specification.