Path: Home > GB/T > Page206 > GB/T 45389-2025

Price & Delivery

US$359.00 · In stock · Download in 9 seconds
GB/T 45389-2025: Data security technology - Capability requirements for assessment organization of data security
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure
Status: Valid

Std ID	Version	USD	Buy	Deliver [PDF] in	Title (Description)
GB/T 45389-2025	English	359	Add to Cart	4 days [Need to translate]	Data security technology - Capability requirements for assessment organization of data security

GB/T 45389-2025: Data security technology - Capability requirements for assessment organization of data security

---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Data security technology - Capability requirements for assessment organization of data security Data security technology Data security assessment agency Competency requirements Data security technology-Capability requirements for assessment ICS 35.030 CCS L 80 National Standard of the People's Republic of China Released on 2025-03-28 2025-10-01 Implementation State Administration for Market Regulation The National Standardization Administration issued

Table of contents

Preface ... Ⅲ 1 Scope ... 1 2 Normative references ... 1 3 Terms and Definitions ... 1 4 Overview ... 2 5 Ability requirements ... 3 5.1 Basic conditions ... 3 5.2 Management Capabilities 4 5.3 Technical Capabilities 6 5.4 Human Resources Capabilities 8 5.5 Venue and Equipment Resource Capacity ... 9 Appendix A (Informative) Methods for Verifying the Capabilities of Data Security Assessment Agencies ... 11 Appendix B (Informative) Equipment and tool types ... 12 References ... 13

Foreword

This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents" Drafting is required. Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents. This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC 260). This document was drafted by. National Information Technology Security Research Center, China Electronics Technology Standardization Institute, National Computer Network Emergency Response Team Technical Processing Coordination Center, China Cybersecurity Review and Certification and Market Supervision Big Data Center, China Information Security Evaluation Center, China Network Space Research Institute, the Third Research Institute of the Ministry of Public Security, China Academy of Information and Communications Technology, China Software Evaluation Center, National Industrial Information Security Development Research Institute Research Center, the 15th Institute of China Electronics Technology Group Corporation, University of Science and Technology of China, Institute of Software, Chinese Academy of Sciences, Industrial and Information Technology The Fifth Electronic Research Institute of the Ministry of Information and Communications Technology, the Sixth Research Institute of China Electronics Information Industry Group Co., Ltd., the Supervision Center of the State Administration of Radio and Television, Information Center of Civil Aviation Administration of China, Education Management Information Center of Ministry of Education, Beijing UnionPay Gold Card Technology Co., Ltd., Beijing Times Xinwei Information Technology Co., Ltd., Guangdong Radio and Television Metrology and Testing Group Co., Ltd., Guangzhou Jingyuan Safety Technology Co., Ltd., Nanjing Big Data Testing Technology Co., Ltd. Technology Co., Ltd., Shaanxi Information Engineering Research Institute, Transportation Information Security Center Co., Ltd., National Application Software Product Quality Inspection Testing center, etc. The main drafters of this document are. Yu Kequn, Yang Tao, Chen Lin, Hu Ying, Zhang Yuguang, Ren Yingjie, Zhu Xuefeng, Lin Xingchen, Wang Hui, Zuo Xiaodong, Zhang Xiaomei, Xu Jinghui, Zhang Xiaofei, Gao Song, Jiang Wei, Wang Pu, Ru Mengyuan, Wang Hui, Wang Yiyu, Cheng Yuqi, Tang Gang, Zhang Dexin, Sun Jun, Zhao Ran, Zhang Yuanyuan, Huo Shanshan, Liu Jian, Yan Min, Yang Chen, Shan Boshen, Lu Liewen, Zhao Yunlong, Li Yan, Zhang Wei, Yang Weiping, Chen Cong, Wang Xinjie, Yu Zhengchen, Dai Ming, Du Jian, Tang Di, He Gang, Chen Zhijun, Zhao Xiaorong, Guo Jianhong, Cao Yue, Chen Jing, and Song Hongtao. Data security technology Data security assessment agency Competency requirements

1 Scope

This document specifies the capability requirements for data security assessment agencies, including basic conditions, management capabilities, technical capabilities, human resources capabilities, Manpower, location and equipment resource capabilities. This document is applicable to the capacity building of data security assessment agencies themselves, as well as the capacity evaluation of data security assessment agencies. The processor selects a third-party data security assessment agency to provide reference.

2 Normative references

The contents of the following documents constitute the essential clauses of this document through normative references in this document. For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies. in this document. GB/T 19001-2016 Quality Management System Requirements GB/T 25069-2022 Information Security Technical Terminology GB/T 32914-2023 Information security technology network security service capability requirements GB/T 39335-2020 Information security technology Personal information security impact assessment guide GB/T 41479-2022 Information security technology - Security requirements for network data processing

3 Terms and definitions

The terms and definitions defined in GB/T 25069-2022 and GB/T 41479-2022 and the following apply to this document. 3.1 data processing activities Activities such as data collection, storage, use, processing, transmission, provision, disclosure, and deletion. 3.2 data security assessment Conduct technical testing, evaluation, and verification of data, data processing activities, and possible security issues and risks of data processors Activity. Note. Including but not limited to data security risk assessment, personal information protection impact assessment, data outbound security assessment, etc. 3.3 data security risk The possibility of data security incidents and the damage they may cause to national security, public interests, or the legitimate rights and interests of organizations and individuals. 3.4 data security risk assessment The entire process of risk identification, risk analysis and risk assessment for the security of data and data processing activities. 3.5 Assessment organization of data security Organizations engaged in data security assessment activities. ...