The Security Assessment Methods for Cloud Computing Services entered into force on 1 Sept. 2019.
There are 17 articles in total, which aim to assess the security and the controllability of cloud computing services purchased by the Party and government organs and key information infrastructure operators. The key points are as follows:
- The security assessment of cloud computing services will focus on the following: (1) the basic information of cloud platform operators; (2) the background and stability of cloud service providers; (3) the security of cloud platform technology, products and service supply chain; (4) the security management ability and the security measures of cloud service providers; (5) the feasibility and the convenience of customer data migration; (6) the business continuity of cloud service providers.
- Cloud service providers can apply for security assessment on cloud platforms that provide cloud computing services to the Party and government organs and key information infrastructure operators.