China releases interim measures for data security management by accounting firms
Published: May 11, 2024 12:18 AM
data security File photo

Photo: VCG

China's Ministry of Finance and the Cyberspace Administration of China have released a series of interim measures for data security management by accounting firms, effective from October 1, 2024, with the aim of standardizing data processing activities, according to an announcement by the finance ministry on Friday.

According the announcement, the interim measures are a refinement of the relevant provisions for the national network and data security management in the certified public accountant (CPA) profession, providing a basis for CPA firms to carry out data security management activities.

The measures are conducive to promoting the institutionalization and standardization of data security management in the CPA profession, and they respond to the development of the digital economy and further improve the basic system of the CPA profession, read the announcement.

The provisional measures regulate six main areas including standardization of data classification and grading, standardization of the management of manuscripts and enhancement of network management.

Up to now, 35 accounting firms in China have joined or created 28 international accounting networks, and the profession has become increasingly close to foreign exchanges and cooperation. The provisional measures stipulate that audit working papers from accounting firms should be deposited in China in accordance with the relevant regulations.

Accounting firms are not allowed to include in engagement letters or contracts clauses such as domestic project information. If overseas regulators need to access the domestic audit working papers due to regulatory needs, they should obtain them through the corresponding cross-border regulatory cooperation mechanism in accordance with the law, and the corresponding audit working papers should go through the relevant approval procedures before leaving the country.

Accounting firms should establish a level-by-level review mechanism for audit working papers on exit matters and implement data security control responsibilities, according to the announcement.

In addition, the interim measures require accounting firms to establish a data backup system to ensure that relevant audit working papers can still be accessed, retrieved and utilized in the event that the audit-related application system is taken out of service or restricted for external technical reasons. Encryption equipment should be set up and operated and maintained by a team in China.

Global Times