With the new Multi-Level Protection Scheme 2.0 (MLPS), the regulatory pressure on companies operating in China continues to increase. The regulatory system for data and cyber security forces all companies to ensure, according to the specifications of a multi-level protection scheme, that their network is free of interference, damage or unauthorized access and that no network data can be passed on, stolen or falsified. The scope of the mandatory MLPS is wide and includes practically all companies operating in China.
The Multi-Level Protection Scheme has 5 security levels, which vary in risk level from 1 = low to 5 = very high. In order to be assigned to a level, companies must first conduct a self-assessment based on the defined catalog of requirements. Those enterprises, which reach a classification of the level 2 or higher in this pre-estimation, are obligated then to assign a qualified and authorized expert with an additional inspection and verification of the network security. If the result is positive, the company can apply for the necessary certification by the police at provincial level to continue its business operations.
The technical aspects of network security are assessed, as well as security management, which includes the management of security personnel, policies and procedures, and system setup and maintenance. A critical factor is that the regulatory authorities have access to the companies’ networks and that confidential data and information can be tapped as a result.
We strongly recommend that all companies operating in China tackle the implementation of the MLPS quickly – even if it requires a considerable investment of time, money and human resources. The enforcement of the system by the Chinese government is in full swing and will be intensified. Those who fail to meet the MLPS requirements are threatened with severe penalties. These include not only heavy fines, but also blacklisting in the Corporate Social Credit System, which can lead to the closure of corporate networks, restrictions on Internet use and freedom of travel, and the exclusion of business in certain areas. If things get tough, the business license can be revoked.
CHINABRAND IP CONSULTING will conduct a webinar on the topic of MLPS in German language on November 25, 2020 at 10:00 a.m. Click here to watch the Youtube Video.
Your Partner for MLPS 2.0 Implementation
CHINABRAND supports companies to implement the MLPS 2.0 regulations from initial IT systems assessment and preliminary classification to acceptance by certified auditors in China.
- Preliminary classification of the IT systems and determination of the necessary protection
- Registration and certification by the public security authority
- Gap analysis and remediation plan in case of optimization needs
- Security assessment by authorized auditors
- Submission of the assessment report to the public safety authority