JR/T 0197-2020 PDF English
JR/T 0197-2020: Financial data security - Guidelines for data security classification (Status: Valid)
JR
FINANCIAL INDUSTRY STANDARD OF
THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.240.40
A 11
Financial data security - Guidelines for data security
classification
Issued on: SEPTEMBER 23, 2020
Implemented on: SEPTEMBER 23, 2020
Issued by: People’s Bank of China
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Objectives, principles and scope
5 Data security grading
6 Identification of important data
Appendix A (Informative) Reference rules for data grading
Appendix B (Informative) Changes in data security level
Appendix C (Informative) Important data
References
1 Scope
This standard gives the objectives, principles and scope of financial data
security classification, as well as the elements, rules and classification process
of data security classification.
This standard applies to financial institutions carrying out electronic data
security classification work, and provides a reference for third-party evaluation
agencies and other organizations carrying out data security inspection and
evaluation.
2 Normative references
The following documents are essential to the application of this document. For
dated documents, only the versions with the dates indicated are applicable
to this document; for undated documents, only the latest version (including
all amendments) is applicable to this standard.
GB/T 4754-2017 Industrial classification for national economic activities
GB/T 5271.1-2000 Information technology - Vocabulary - Part 1:
Fundamental terms
GB/T 25069-2010 Information security technology - Glossary
GB/Z 28828-2012 Information security technology - Guideline for personal
information protection within information system for public and commercial
services
GB/T 35273-2020 Information security technology - Personal information
security specification
JR/T 0158-2018 Data classification guidelines for securities and futures
industry
JR/T 0171-2020 Personal financial information protection technical
specification
3 Terms and definitions
The terms and definitions as defined in GB/T 25069-2010 and GB/T 35273-2017
as well as the following terms and definitions apply to this document.
3.1
Information
Knowledge about objects (such as facts, events, things, processes or
thoughts, including concepts), which has a specific meaning in certain
situations.
Note: Adapted from GB/T 5271.1-2000, definition 2.01.01.01.
3.2
Data
The reinterpretable formal representation of information, to be suitable for
communication, interpretation or processing.
Note: It can be processed by manual or automatic means.
[GB/T 5271.1-2000, definition 2.01.01.02]
3.3
Privacy
The authority that an individual has to control or influence information related
to them, which involves who collects and stores it and who discloses it.
[GB/T 25069-2010, definition 2.1.63]
3.4
Information processing
System execution of information operations, including data processing,
which can also include operations such as data communications and office
automation.
3.5
Data processing
System execution of data manipulation.
Examples: Mathematical operations or logical operations of data, data
merging or classification, program assembly or compilation, or text
operations, such as editing, classification, merging, storage, retrieval,
display or printing.
4 Objectives, principles and scope
4.1 Data security grading goals
Data security grading aims to comprehensively sort out data assets and
establish appropriate data security grades. It is a necessary prerequisite and
basis for financial institutions to implement effective data grading management.
4.2 Principles of data security grading
Data security grading follows the following principles.
4.3 Scope of data security classification
In the process of financial data security grading, non-electronic financial data
shall be handled in accordance with relevant management regulations
such as those for archives and documents; financial data involving state secrets
shall be handled in accordance with relevant national laws and regulations, which
is not within the scope of this standard. The data security classification of the
securities industry can be implemented with reference to JR/T 0158-2018.
5 Data security grading
5.1 Grading elements
5.1.1 Overview
Security (confidentiality, integrity, availability) is an important reference attribute
in information security risk assessment. The possible impact (such as possible
harm, loss or potential risk, etc.) after data security is breached is an important
basis for determining the data security level, which mainly considers the two
elements of the affected object and the degree of impact.
5.1.3 Degree of influence
The degree of influence refers to the magnitude of the impact after the data
security of financial institutions is damaged. From high to low, it is divided into
serious damage, general damage, minor damage and no damage. The relevant
description is shown in Table 1, which can be used as a reference for judging
the degree of influence. The degree of influence after data security is breached
should be determined by comprehensively considering factors such as data type,
data characteristics and data scale, combined with financial business attributes,
for example.
5.2 Element identification
5.2.1 Security impact assessment
Security impact assessment should comprehensively consider factors such as
data type, data content, data scale, data source, institutional functions,
5.3.2 General rules for grading
The general rules for the classification of financial data security levels include
but are not limited to.
5.4 Grading process
5.4.1 Organizational guarantee
Determine the highest decision-making organization for data security
management; establish and clarify relevant departments (or organizations) and
their responsibilities, including but not limited to.
5.4.2 System guarantee
Establish relevant systems for data classification work; clarify and implement
relevant work requirements, including but not limited to.
6 Identification of important data
The identification and verification of important data carried by financial
institutions should comply with the relevant regulations of the state and industry
authorities. Please refer to Appendix C for the description of the nature and
content of important data, which is only for reference when financial institutions
carry out data security classification work.
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.