New cyber security rules proposed for the Chinese insurance industry
The new draft rules come in the wake of a substantial new body of laws and draft rules in the cyber security arena in China. As may be anticipated, the draft rules carry forward some of the more invasive aspects of China's emerging cyber security regime, such as adoption of "secure and controllable" technology, data localisation requirements, and adoption of products and systems employing domestic encryption methods.
Other new features of the draft rules focus on increased IT governance and risk assessments, including increased involvement of the board of directors, appointment of a chief information officer, value and risk assessments for cloud services and external audits of technology functions.
The draft rules may see revisions during the course of their review and would not be expected to be officially adopted, if adopted, until at least mid to late 2016.
To read the full alert, please click here