On November 13, the Ministry of Finance (MOF) of the PRC and Office of the Central Cyberspace Affairs Commission (CAC) jointly drafted the "Interim Measures for Data Security Management of Accounting Firms (Draft for Comments)" (hereinafter referred to as the "Measures"), aiming to implement the data security law and cybersecurity law, and other relevant legal requirements, strengthen the data security management of accounting firms, and standardize the data processing activities of accounting firms. This "Measures" regulate the data processing activities of accounting firms in accordance with the requirements of the data security law, specifying the system for data classification and management, various data processing requirements, data security obligations, and other legal provisions related to national data security management, providing institutional guarantees for the supervision of data security in the industry.
The "Measures" require accounting firms to adopt a series of specific measures to ensure the security and confidentiality of data through the comprehensive use of techniques such as network isolation, user authentication, data encryption, virus prevention, and illegal intrusion detection. Furthermore, relevant data should be stored within the territory of China. In addition, accounting firms need to establish a sound network management system and governance framework, create internal network management systems, and allocate network management technical personnel with relevant professional skills according to the scale and complexity of their business activities to ensure reasonable allocation of network resources and funding. Addressing the issue of lax network security management in some accounting firms, the measures require the establishment of strict access control policies, unified management of various accounts, and prohibition of unrestricted super accounts to prevent unauthorized access.
In terms of supervision and inspection, the "Measures" specify the content of data security inspections and key inspections conducted by the MOF and the CAC on accounting firms. For accounting firms that undertake auditing services in important sectors such as finance, energy, communications, transportation, technology, and defense technology, relevant departments will conduct comprehensive supervision and inspections, and strengthen daily supervision. In specific situations, the mechanism for conducting network security reviews of accounting firms can be activated.
In the future, the Hong Kong China Network Security Association (HKCNSA) will closely monitor changes in the network security situation, actively respond to new challenges and threats in network security, promote innovation and development in the network security industry, and contribute to the construction of a more secure and reliable digital environment.