GB/T 43710-2025 English PDF · US$439.00 · In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email.

GB/T 43710-2025: Requirements for auditing of scientific data security
Status: Valid

Basic data
Standard ID: GB/T 43710-2025 (GB/T43710-2025)
Description (Translated English): Requirements for auditing of scientific data security
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.240
Word Count Estimation: 22,272
Date of Issue: 2025-01-24
Date of Implementation: 2025-01-24
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 43710-2025: Requirements for auditing of scientific data security
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.

ICS 35.240
CCS L80
National Standard of the People's Republic of China
Scientific Data Security Audit Requirements
Released on 2025-01-24
Implemented on 2025-01-24
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of Contents
Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 General Principles of Auditing
4.1 Overview
4.2 Audit Basis
4.3 Audit Objective
5 General Audit Requirements
5.1 Overview
5.2 Security Strategy
5.3 Organizational Construction
5.4 Human Resource Management
5.5 Business Continuity Management
5.6 Management Supervision
5.7 Security Management
5.7.1 Safety Management Measures
5.7.2 Classification and grading management
5.7.3 Risk Management
5.7.4 Internal Review
5.8 Scientific Data Lifecycle Business Process
5.8.1 Scientific Data Life Cycle
5.8.2 General requirements
5.8.3 Collection and processing
5.8.4 Storage backup
5.8.5 Transmission Exchange
5.8.6 Open Sharing
5.8.7 Use of Service
5.8.8 Safety Disposal
6 Special audit requirements
6.1 Overview
6.2 Personal Information Security
6.2.1 General Management
6.2.2 Identification and classification of personal information
6.2.3 Automated decision-making to process personal information
6.2.4 Personal Information Security Impact Assessment
6.2.5 Outbound Security Risk Assessment
6.2.6 Emergency Management
6.2.7 Internal Review
6.3 Submission Security
6.3.1 General Management
6.3.2 Classification and grading management
6.3.3 Storage and transmission security management
6.3.4 Registration and management of submitted data
6.3.5 Internal Review
6.4 Data Transmission Security
6.4.1 General Management
6.4.2 Security of Personal Information Transfer Abroad
6.4.3 Classification and grading management
6.4.4 Security risk assessment
6.4.5 Internal Review
Appendix A (Informative) Audit Process
A.1 Overview
A.2 Audit Process
Appendix B (Informative) Audit Report
B.1 Overview
B.2 Types of audit reports
B.3 Structure and content of audit reports
B.4 Audit report sample
References

Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules for standardization documents". Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents. This document was proposed by the Ministry of Science and Technology. This document is under the jurisdiction of the National Science and Technology Platform Standardization Technical Committee (SAC/TC486). This document was drafted by:
Computer Network Information Center of the Chinese Academy of Sciences, China National Institute of Standardization, China Network Security Review Technology and Certification Center, China Academy of Information and Communications Technology, China Software Evaluation Center (Software and Integrated Circuit Promotion Center of the Ministry of Industry and Information Technology), Beijing University of Posts and Telecommunications, Institute of High Energy Physics, Chinese Academy of Sciences, Institute of Information Engineering, Chinese Academy of Sciences, Beijing Shenzhou Green Alliance Technology Co., Ltd., Guangzhou Internet of Things Research Institute, Beijing Dikan Technology Co., Ltd., Fujian CITIC Network Security Information Technology Co., Ltd., Fujian Big Data Primary Development Co., Ltd.

The main drafters of this document are: Liao Fangyu, Wei Jinxia, Zhao Jing, Li Jing, Long Chun, Du Guanyao, Wan Wei, Yang Fan, Wang Yueda, Fu Yuhao, Hu Lianglin, Zhu Yanhua, Yu Jianjun, Li Chong, Li Jingjing, Wang Zhiqiang, Yang Qinghai, Xu Kaicheng, Gan Jiefu, Jing Huiyun, Zhou Runsong, Guo Ying, Liu Jianyi, Qi Fazhi, Hou Fengyao, Ma Duohe, Wang Yan, Xu Zhen, Wang Liming, Ye Xiaohu, Wu Tiejun, Wang Wei, Li Dong, He Ying, Li Zhe.

Introduction
Scientific data is a strategic and basic scientific and technological resource with the characteristics of the fastest transmission speed, the widest impact, and great potential for development and utilization. The Data Security Law of the People's Republic of China has a profound impact on the economic development, national security, scientific and technological progress and overall competitiveness of all countries. The Personal Information Protection Law of the People's Republic of China and the Cybersecurity Law of the People's Republic of China together constitute the basis for the governance of my country's network data field.
The new law marks the gradual maturity of the system construction that matches my country's status as a major network power and a digital power. It is proposed that "the security management of scientific data throughout its life cycle should be strengthened, and scientific data security protection measures should be formulated; the authentication and authorization of data downloads should be strengthened." This document is aimed at the security and compliance needs of scientific data in the natural sciences and can promote the improvement of the data security capabilities of scientific data related institutions and standardize scientific data security audits to meet national compliance requirements.

This document is a basic scientific data security standard applicable to scientific data agencies and is used to ensure the security of scientific data in their activities. The relevant requirements for scientific data security audits are stipulated, including general requirements, general audit requirements and special audits. The general requirements mainly describe the audit basis and audit objectives. The general audit requirements comprehensively evaluate scientific data related institutions and assess the achievement of the organization's safety goals, with general audits of scientific data security control work in terms of safety strategy, organizational construction, human resource management, management supervision, safety management, scientific data life cycle business processes, etc. Special audit requirements are audits based on external requirements and internal special requirements, and can meet the needs of scientific data related institutions for personal information security, submission security, and data export security. In view of the continuous improvement of the national data security compliance supervision system, the content of special audits will be further improved and updated, meeting national regulatory requirements.

The requirements for scientific data security audits are intended to objectively reflect the implementation of security controls in scientific data-related activities and to scientifically evaluate the confidentiality, availability, integrity, reliability, controllability, traceability, non-repudiation and other security goals and compliance of the system. Evaluation of data security controls.

Scientific Data Security Audit Requirements

1 Scope
This document specifies the relevant requirements for scientific data security audits, including overall requirements, general audit requirements and special audit requirements. This document is applicable to scientific data organizations for auditing security control activities involved in scientific data related activities.

2 Normative references
The contents of the following documents constitute the essential clauses of this document through normative references in this document. For dated references, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.
GB/T 25069 Information security technical terms
GB/T 35294 Information Technology Scientific Data Citation
GB/T 36092-2018 Information technology backup storage backup technology application requirements
GB/T 39335 Information Security Technology Personal Information Security Impact Assessment Guide
GB/T 42574 Information Security Technology Implementation Guidelines for Notification and Consent in the Processing of Personal Information
GB/T 43705 Guidelines for the classification and grading of scientific data security
GB/T 43708 General requirements for scientific data security
GB/T 44024 Basic requirements for the protection of scientific data rights and interests

3 Terms and definitions
The terms and definitions defined in GB/T 25069 and GB/T 43708 and the following apply to this document.

3.1 scientific data
In the fields of natural sciences, engineering sciences, etc., the Records of original and derived information obtained by other means, or other data that can be used for scientific research activities.
[Source: GB/T 43708-2025, 3.1]

3.2
Through management and technical measures, we will ensure the continuity of scientific data in the interests of national security, scientific and technological security, social public interests and the legitimate rights and interests of others. A state of being effectively protected and used in compliance with regulations.
[Source: GB/T 43708-2025, 3.2]

3.3
Scientific data is collected and processed, stored and backed up, transmitted and exchanged, shared, used and served, safely disposed, and finally reused. Circular process.
[Source: GB/T 43708-2025, 3.3]

......

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of GB/T 43710-2025_English be delivered?
Answer: Upon your order, we will start to translate GB/T 43710-2025_English as soon as possible, and keep you informed of the progress. The lead time is typically 2 ~ 4 working days.
The lengthier the document the longer the lead time.

Question 2: Can I share the purchased PDF of GB/T 43710-2025_English with my colleagues?
Answer: Yes. The purchased PDF of GB/T 43710-2025_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?
Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?
Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.