On December 20, 2019, The Ministry of Industry and Information Technology (MIIT) published the Classification Guideline on the Cybersecurity of Industrial Internet Enterprises (Trial) (Draft for Comments), together with the Catalogue of Industries Under the Classification Protection of Cybersecurity of Industrial Internet
- Who should follow the Guideline?
The Guideline mainly provides guidance for the cybersecurity classification of industrial enterprises that use industrial internet, such as enterprises mainly involved in the machinery industry, consumer goods industry and electronic devices manufacturing industry, etc. The enterprises who offer communication services to industrial enterprises will not need to follow this guideline.
- Catalogue of industries under the classification protection of cybersecurity of industrial internet
- Responsibilities of the Industrial Internet Enterprises in the Catalogue
- Level 2 and Level 3 industrial internet enterprises shall establish and improve the working system of cybersecurity protection, set up specialized cybersecurity protection departments, organize cybersecurity protection training, and carry out cybersecurity assessments.
- Level 2 and Level 3 industrial internet enterprises shall take corresponding technical protection measures according to the requirements of the industrial internet cybersecurity protection standards and technical specifications. They should also construct and improve the industrial internet security monitoring platform within the enterprises, and the monitoring platform should be connected to the provincial or above industrial internet security monitoring platform.
- Level 3 industrial internet enterprises shall conduct a cybersecurity risk assessment and audit at least once a year. Level 2 industrial internet enterprises shall conduct a cybersecurity risk assessment and audit at least once every two years.