Legal & IT Solutions
Wang Jing & GH Law Firm & Exprivia China aim to provide consultation on IT security and legal assessments, cybersecurity assessments, IT risk assessments, and vulnerability risk assessments, which are critical for finding security vulnerabilities in your organization. Without a security risk assessment, security and recovery programs are incomplete and ineffective. Conducting regular vulnerability assessments from both a legal and an IT perspective can lower the risk of security disasters and potentially prevent your organization from facing the many consequences that accompany a security breach.
(D) Are companies required to take emergency measures for security incidents?
(A) Organizations are required under various laws to take measures to monitor, detect, prevent, or mitigate cybersecurity incidents. The Cybersecurity Law (“CSL”), the Data Security Law (“DSL”), the Personal Information Protection Law (“PIPL”), the Regulations on the Security Protection of Computer Information System, and other relevant laws and regulations provide the legal measures that any person must consider when facing cybersecurity incidents.
(D) What preventive measures need to be in place?
(A) These legal duties are extensive and cover different issues: security measures, such as the installation of anti-virus software, the use of beacons and honeypots, and regular employee training; and emergency measures, such as the implementation of an emergency plan to give a prompt response to any security risk. Other measures provide for an after-action review, records of cyber threats, reporting of cybersecurity breaches, and the notification of affected individuals.
(D) What are the consequences of non-compliance?
(A) Violations of these laws can result in administrative fines, confiscation of illegal income, suspension of business, or revocation of the business license.
Besides the above-mentioned laws and regulations, China also takes a sectoral approach to the protection of information security. For example, industries or sectors such as telecoms, credit reporting, banking and finance, automobile, and insurance are subject to some specific requirements concerning the protection of data, prevention of information leakage, and emergency response to cybersecurity incidents.
Centralized IT System
Implement a single platform in which all business-related data can be stored and managed under the company's control.
Data Localization analysis
Map clearly where the data are located; this is especially useful if the company uses cloud/external services or software databases hosted in partners' or suppliers' datacenters.
Data classification and grading
Clarify how to classify information, including general, sensitive, and private personal data.
Protection mechanisms
Using dedicated software and tools, it is possible to safeguard passwords, authentication, and authorization to a high standard.
Conduct a data risk assessment
Check the level of security risk the company faces, with the help of dedicated software and cybersecurity experts.
Regular Training
Ensure that employees have the right knowledge of data security handling and risk prevention.
Conducting security risk assessments can improve your organization’s security and maximize your business continuity, profitability, and growth. Contact us for a FREE consultation at: lucini@wjngh.cn (Wang Jing & GH Law Firm) and simone.ciampi@exprivia.cn or antonio.puca@exprivia.cn (Exprivia).