
GB/T 41817-2022 English PDF

US$409.00 · In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 41817-2022: Information security technology - Guidelines for personal information security engineering
Status: Valid

Standard similar to GB/T 41817-2022

GB/T 41479   GB/T 41388   GB/T 41871   GB/T 41807   

Basic data

Standard ID: GB/T 41817-2022 (GB/T41817-2022)
Description (Translated English): Information security technology - Guidelines for personal information security engineering
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 22,284
Date of Issue: 2022-10-14
Date of Implementation: 2023-05-01
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 41817-2022: Information security technology - Guidelines for personal information security engineering


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology - Guidelines for personal information security engineering
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Published on 2022-10-12; implementation on 2023-05-01
Issued by the State Administration for Market Regulation and the National Standardization Administration

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 General
5.1 Personal information security engineering principles
5.2 Personal information security engineering objectives
5.3 Personal information security engineering stages
5.4 Personal information security engineering preparation
6 Personal information security engineering requirements stage
6.1 Description
6.2 Input
6.3 Roles and Responsibilities
6.4 Main Activities
6.5 Output
7 Personal information security engineering design stage
7.1 Description
7.2 Input
7.3 Roles and Responsibilities
7.4 Main Activities
7.5 Output
8 Personal information security engineering development stage
8.1 Description
8.2 Input
8.3 Roles and Responsibilities
8.4 Main Activities
8.5 Output
9 Personal information security engineering test stage
9.1 Description
9.2 Input
9.3 Roles and Responsibilities
9.4 Main Activities
9.5 Output
10 Personal information security engineering release stage
10.1 Description
10.2 Input
10.3 Roles and Responsibilities
10.4 Main Activities
10.5 Output
Appendix A (Informative) Common Personal Information Security Design Reference Points
Appendix B (Informative) Common Personal Information Security Default Configuration Reference Points
References

Foreword

This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules of Standardization Documents".

Please note that some content of this document may be patented. The issuing agency of this document assumes no responsibility for identifying patents.

This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).

The drafting organizations of this document: China Electronics Standardization Institute, Huawei Technologies Co., Ltd., Beijing Baidu Netcom Technology Co., Ltd., Shenzhen Tencent Computer System Co., Ltd., Alibaba (Beijing) Software Services Co., Ltd., Lenovo (Beijing) Co., Ltd., Ant Technology Group Co., Ltd., Shanghai Fangda (Beijing) Law Firm, Beijing Jingdong Shangke Information Technology Co., Ltd., Beijing Sankuai Technology Co., Ltd., Bank of China Co., Ltd., CLP Great Wall Internet System Application Co., Ltd., Microsoft (China) Co., Ltd., Quanzhi Technology (Hangzhou) Co., Ltd., Beijing Qihoo Technology Co., Ltd., Beijing Byte Beat Technology Co., Ltd., Shell Search (Beijing) Technology Co., Ltd., Beijing Xiaoju Technology Co., Ltd., Qinzhi Digital Technology Co., Ltd., Shaanxi Provincial Network and Information Security Evaluation Center, Xi'an Electronics University of Science and Technology, Beijing University of Posts and Telecommunications, Shanghai Industrial Control Security Innovation Technology Co., Ltd., East China Normal University, Zhejiang Pengxin Information Technology Co., Ltd.

The main drafters of this document: Liu Xiangang, Hu Ying, Xu Yujia, Fan Wei, Sun Shuo, Guo Tietao, Li Ruxin, Jia Xuefei, Wang Xin, Wang Jiamin, Sudan, Bai Xiaoyuan, Wu Yang, Zhao Ranran, Yang Jianyuan, Yan Shaomin, Liu Xiaocen, Luo Zhibing, Chen Xuexiu, Bai Yang, Zhou Chenwei, Liu Xing, Wang Jiao, Wang Bingzheng, Min Jinghua, Wang Jinsong, Zhang Yawei, Zhang Bingye, Zhang Yi, Liu Kaihong, Zhang Chao, Yi Qiang, Sun Tie, Li Zheng, Li Jun, Pei Qingqi, Wei Yufeng, Zhu Tong, Deng Ting, Sun Yan, Chen Shu, Zhang Yuguang, Xu Guoai, Pu Geguang, Liu Hong, Chen Mingsong, Zou Nan.

Introduction

In order to regulate the personal information processing activities of network products and services, and to protect the rights and interests of users' personal information to the greatest extent, the industry has successively proposed the concept of simultaneous planning, simultaneous construction and simultaneous use of personal information security measures together with products and services. For example, the EU General Data Protection Regulation stipulates that personal information protection requirements should be considered in the product design stage, and that the default settings of the product should also protect the user's personal information to the greatest extent possible. This not only helps to actively defend against personal information security risks, but also helps to prevent incidents that infringe on the rights and interests of users' personal information.

In accordance with the requirements of personal information protection laws, regulations and policy standards, and in combination with domestic and foreign practical experience in privacy engineering, this document gives guidelines for implementing personal information security engineering in the planning and construction stages of network products and services that process personal information, providing engineering guidelines for network products and services to improve their personal information protection capabilities.

1 Scope

This document presents the principles, objectives, stages and preparations of personal information security engineering, and provides engineering guidelines for implementing personal information security requirements in network products and services during requirements, design, development, testing, and release.

This document applies to network products and services (including information systems) involving personal information processing, for which it provides guidance on the simultaneous planning and simultaneous construction of personal information security measures. It is also suitable for organizations to refer to when conducting privacy engineering in the software development life cycle.

Note: Where this does not cause confusion, the "network products and services" in this document are simply referred to as "products and services".

2 Normative references

The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.

GB/T 25069-2022 Information security technology - Terminology
GB/T 35273-2020 Information security technology - Personal information security specification
GB/T 39335-2020 Information security technology - Personal information security impact assessment guidelines
GB/T 41391-2022 Information security technology - Basic requirements for the collection of personal information by mobile Internet applications (Apps)

3 Terms and Definitions

The terms and definitions defined in GB/T 25069-2022 and the following apply to this document.

3.1
The engineering process of integrating personal information security principles and requirements into each stage of product and service planning and construction, so that personal information security requirements are effectively implemented in products and services.
Note: Also known as "Privacy Engineering".

3.2
For personal information processing activities, the process of testing whether the purpose and method of personal information processing are legal, legitimate and necessary, determining the impact on individuals' legal rights and the security risks, and evaluating the effectiveness of the measures taken to protect personal information.
Note: Also known as "Personal Information Security Impact Assessment".

3.3
The collection, storage, use, processing, transmission, provision, disclosure, deletion, etc. of personal information.

3.4 automated decision-making
The activity of automatically analyzing and evaluating personal behavior, hobbies or economic, health, credit status, etc. through computer programs, and making decisions.
