Section 21 of the Cybersecurity Law of the People’s Republic of China (which came into force on 1 June 2017), states that, “China [shall] implement a cybersecurity classified protection system”. This said cybersecurity classified protection is a rudimentary system aimed at protecting the cybersecurity of China and is also a fundamental safeguard in the protection of information development and maintenance of information security of the country. Cybersecurity protection consists of five categories (with Class V being the highest ranking), based on factors such as the importance of the information system in relation to national security, economic development and social and daily life as well as the extent of the detriment to national security, social order, public interest and citizens, corporations and other organizations when the same is damaged or impaired.
Pursuant to cybersecurity classified protection criteria and relevant regulations, the Tencent Finance Cloud Platform has completed Class IV testing and registration, while Tencent Public Cloud as well as the Customer Service System, Billing System and Operations & Maintenance Management System for the Tencent Cloud Platform, have completed the testing and registration under Class III.
According to the cybersecurity classified protection, information systems of varying security classes should be equipped with differing levels of security protection capabilities. With the conclusion of cybersecurity classified protection evaluation for Tencent Cloud, it represents that Tencent Cloud has and will strictly adhere to the national technical protection and security management requirements in relation to cloud computing platform security development. As such, it is able to render to corporate users across industries and business lines services that facilitate classified protection compliance. Further, Tencent Cloud is able to assist corporations in providing proof of secure cloud platform operations during the evaluation of their classified protection compliance as well as to provide corporate users with enhanced security capabilities that are necessary for business systems, so as to satisfy the classified protection compliance requirements.
For users of cloud services, when undergoing evaluation on cybersecurity classified protection, other than their own business systems and virtual resources (such as cloud hosting, cloud database and cloud network) that manage operations and maintenance, it is not necessary to conduct a duplicate assessment with regard to the infrastructure provided by the cloud platform, thereby reducing complexity in the classified protection compliance process.
With the enactment of the Cybersecurity Law, the definition and relevant protection requirements pertaining to “personal information” have been clarified from a legal standpoint. Tencent Cloud has always placed much weight on the information protection of cloud users, and the Tencent Cloud classified protection naturally encompasses security capabilities in this respect.