US$1599.00 · In stock. Delivery: <= 9 days. True-PDF full copy in English will be manually translated and delivered via email.
GB/T 42582-2023: Information security technology - Personal information security testing and evaluation specification in mobile internet applications (App)
Status: Valid
Basic data

| Field | Value |
| --- | --- |
| Standard ID | GB/T 42582-2023 (GB/T42582-2023) |
| Description (Translated English) | Information security technology - Personal information security testing and evaluation specification in mobile internet applications (App) |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 79,774 |
| Date of Issue | 2023-05-23 |
| Date of Implementation | 2023-12-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 42582-2023: Information security technology - Personal information security testing and evaluation specification in mobile internet applications (App)
This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Information Security Technology - Mobile Internet Application (App) Personal Information Security Evaluation Specifications
Released on 2023-05-23
Implemented on 2023-12-01
Released by the State Administration for Market Regulation and the National Standardization Management Committee
Table of contents
Foreword
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Evaluation Process and Method
5.1 Overview
5.2 Evaluation Process
5.3 Evaluation Method
5.4 Evaluation Environment and Tools
6 Evaluation implementation content
6.1 Evaluation of Personal Information Collection
6.2 Evaluation of Personal Information Storage
6.3 Evaluation of the use of personal information
6.4 Assessment of the rights of personal information subjects
6.5 Evaluation of entrusted processing, sharing, transfer, and public disclosure of personal information
6.6 Evaluation of Personal Information Security Incident Handling
6.7 Evaluation of Organizational Personal Information Security Management Requirements
7 Result judgment
8 Reporting
Appendix A (Informative) Basic Information Collection Form of App Operators
Appendix B (Informative) Description of the evaluation unit number
Appendix C (Informative) Examples of App Fraud, Deception, and Misleading Ways to Collect Personal Information
Appendix D (Informative) Frequency of App Collection of Personal Information in Different Scenarios
Appendix E (Informative) Reference for additional notifications when App applies for specific types of system permissions or collects specific types of system information
Appendix F (Informative) Applicable evaluation units only for App evaluation
References
Foreword
This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents".
Please note that some contents of this document may refer to patents. The issuing agency of this document assumes no responsibility for identifying patents.
This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This document was drafted by: China Institute of Electronic Technology Standardization, China Network Security Review Technology and Certification Center, First Research Institute of the Ministry of Public Security Research Institute, Beijing Information Security Evaluation Center, China Electronics Technology Group Corporation Fifteenth Research Institute, National Computer Network Emergency Technology Handling Association Investigation Center, Beijing Baidu Netcom Technology Co., Ltd., Beijing Bangbang Security Technology Co., Ltd., China Academy of Information and Communications Technology, Beijing Zhizhangyike Technology Co., Ltd., Digital Currency Research Institute of the People's Bank of China, China Mobile Communications Group Co., Ltd., Qi Anxin Wangshen Information Technology (Beijing) Co., Ltd., Beijing Hanhua Feitian Xinan Technology Co., Ltd., Beijing Qihoo Technology Co., Ltd., Shaanxi Province Network and Information Security Evaluation Center, Institute of Information Engineering, Chinese Academy of Sciences, National Information Technology Security Research Center, Beijing UnionPay Gold Card Technology Co., Ltd., Beijing Transportation University, Xi'an Jiaotong University, China Automotive Engineering Research Institute Co., Ltd., Beijing Douyin Information Service Co., Ltd., Daily Interactive Co., Ltd., Venustech Information Technology Group Co., Ltd., OPPO Guangdong Mobile Communication Co., Ltd., Shenzhen Tencent Computer System Co., Ltd., Beijing Zhiyou Network Security Technology Co., Ltd., Quanzhi Technology (Hangzhou) Co., Ltd., Jiangsu Tongfudun Information Security Technology Co., Ltd. Company, Zhongke Sharp Eye (Tianjin) Technology Co., Ltd.
The main drafters of this document: Hu Ying, Liu Xing, Fan Bo, Yao Xiangzhen, Gao Chao, Yan Yan, Xin Jianfeng, Han Yu, Fan Hong, Li Yuan, Liu Jian, Dong Jingjing, Lin Xingchen, Wang Yiyu, Li Xiaoxue, Wang Haitang, Deng Ting, Fang Ning, Wang Danhui, Li Biao, Song Lingwei, Qiu Qin, Zhao Shuai, Peng Gen, Yao Yinan, Yang Jing, Du Dan, Wu Dongyu, Li Yu, Wang Wei, Fan Ming, Li Guangping, Yang Xiaohan, Dong Lin, Shi Jing, Li Teng, Xu Yongtai, Han Yun, Wang Xiesi, Wang Dejia, Zhao Hongyu.
1 Scope
This document specifies the evaluation process for personal information security evaluation of mobile Internet applications based on GB/T 35273-2020, and the methods for evaluating its various security requirements.
This document is applicable to guiding third-party evaluation agencies in evaluating the personal information security of mobile Internet applications. It may also be used as a reference by regulatory departments supervising and managing the personal information security of mobile Internet applications, and by mobile Internet application operators carrying out personal information security self-assessment.
2 Normative references
The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to the date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 25069-2022 Information Security Technical Terminology
GB/T 35273-2020 Personal Information Security Specifications for Information Security Technology
GB/T 41391-2022 Information Security Technology Mobile Internet Application (App) Basic Requirements for Collection of Personal Information
3 Terms and Definitions
The terms and definitions in GB/T 25069-2022, GB/T 35273-2020 and GB/T 41391-2022 and the following terms and definitions apply to this document.
3.1
Applications running on mobile smart terminals.
Note: Including mobile smart terminal presets, downloaded and installed applications and applets.
3.2
Mobile internet application owner, manager or provider.
3.3
Software libraries to assist in software development.
Note: A software development kit typically includes a collection of related binaries, documentation, examples, and tools.
3.4
Privacy Policy (privacy policy)
Text describing the rules governing the handling of personal information by mobile internet applications.
Note: For the content contained in the personal information protection policy, see 5.5 in GB/T 35273-2020.