On 27 November 2018 the Cybersecurity Bureau of the Ministry of Industry and Information Technology released its checking results for seven inspected telecom enterprises and required them to rectify the loopholes and vulnerabilities of their networks or systems as notified.(1)
The inspected telecom enterprises were found to have had the following major issues:
- Medium and high-risk loopholes were found in the business systems and equipment (including their official websites).
- The enterprises failed to grade and register for the officially available systems.
- The current security risk assessment did not cover all of the external business systems and important internal systems.
- There were no departments or persons responsible for cybersecurity.
- There was no established data protection self assessment.
- No security assessment system was established for new services.
- No supporting and operating management system was established for the network information security management system.
- The existing network information security management system did not meet the industry standards.
- No working procedures or security management systems were established for the collection and use of personal information.
- No review system was established for the export, copy and destruction of information in batch.
For further information on this topic please contact Samuel Yang or Yang Chen at AnJie Law Firm by telephone (+86 10 8567 5988) or email ([email protected] or [email protected]). The AnJie Law Firm website can be accessed at www.anjielaw.com.
This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.
Endnotes
(1) Available here.
