{primary} Since November 30, 2018, apps with social features are required to complete a security assessment.
Internet Information Service Security Assessment is a process of evaluating and reviewing the security and compliance of internet services, their corresponding platforms, applications, or websites, as required by the Cyberspace Administration of China (CAC). The purpose of this process is to identify and mitigate potential security risks, privacy issues, legal violations, and other threats that may affect internet information services.
According to the provisions of CAC, the security assessment is required for apps running forums, blogs, microblogs, chat rooms, communication groups, official accounts, short videos, live streaming, information sharing, mini-programs, deep synthesis and other Internet information services that provide channels for the expression of public opinions or destabilize public opinions.
We will assist you with the security assessment if required. In addition to basic information about the app, we will need you to respond to the following questions.
# | Questions |
---|---|
1 | How have you established the safety management superintendent, the information reviewer, and the information safety management administration? |
2 | How do you verify users' real identity, and how do you retain the registration information? |
3 | What are your retention measures on user's account, operation time, operation type, network addresses (source and destination), network source port, characteristics of client hardware, the record of the information posted and other logging information. |
4 | What are your measures for the preventing, dispose, and record retention of illegal and harmful information in the name, nickname, profile, remarks, identification, information posts, reposts, comments and distribution group, as well as other services functions? |
5 | What are your technical measures for protecting personal information and preventing the spread of illegal (and harmful) information, as well as the risk of out-of-control social mobilization capabilities? |
6 | How have you established your complaint and reporting system? How have you published the information about the complaint and reporting methods? How do you accept and handle the complaint and reporting cases in time? |
7 | What is your working mechanism to provide technical & data support and assistance to the regulator agencies and law enforcement agencies in performing their duties in accordance with the law? |
There is no clear timeframe for official approval of the security assessment, which depends on the work schedule of the local cybersecurity department, and we expect it to be completed within eight weeks.