21/04/2020
On February 27, the Ministry of Industry and Information Technology issued the Industrial Data Classification Guide (Trial) as a supporting document for carrying out the cybersecurity protection of industrial control systems. It is also an important step to improve the industrial data governance system. MIIT published the Guide to help enterprises classify their industrial data, improve enterprises’ data management capabilities, and promote the use, flow, and sharing of industrial data.
Industrial data refers to data generated and applied throughout the life cycle of products and services in the industrial field, including but not limited to data generated and used by industrial enterprises in research, design, manufacturing, operation management, and maintenance. It also includes the data generated and used by industrial internet platform companies in the process of equipment access, platform operation, and industrial applications. Adding industrial internet platform companies to the industrial data governance system is a new step.
Content of the Guide:
The Guide consists of 4 chapters and 16 articles. The main contents include:
Chapter 1 – General Principles of the Guide. This chapter elaborates the purpose and basis of the Guide, proposing the concepts of industrial data, and clarifying the scope and principles of the Guide.
Chapter 2 – Classification of Industrial Data. Companies should form a classified list of industrial data based on the actual conditions such as industry requirements, business scale, and data complexity.
Chapter 3 – Levels of Industrial Data. According to the potential impact of each type of industrial data being tampered, destroyed, leaked or illegally used, companies should divide the data into 3 levels.
Chapter 4 – Hierarchical Management of Industrial Data. Includes the responsibility of different regulators and enterprises during the classification and protection of industrial data.
Background:
According to the Big Data Industry Development Plan (2016-2020), a top-level regulation on data management that was published by MIIT in 2016, classification protection is a key working point of industrial data governance. After the Plan was published, the Chinese government published more regulations and standards to support the development of the classification and protection of industrial data.
The Information Security Protection Guide for Industrial Control Systems, which was published by MIIT in 2016, is used to support the Development Plan and to carry out the security protection of industrial control systems.
In 2018, the Information Technology Standardization Technical Committee of China (SAC/TC 28) published GB/T 36073-2018 Data management capability maturity assessment model. This standard makes the classification of industrial data become a basic requirement for data management capabilities level 2 (managed level) to level 5 (optimized level).
As mentioned above, the Industrial Data Classification Guide is the latest step of carrying out the industrial data classification protection. The document puts forward 16 guidance opinions on the concept of industrial data, the classification and grading methods of industrial data, and the differences in management. It points out the direction for improving industrial data management capabilities and offers strong operable ways for enterprises to protect their industrial data.
