China Federation of Electronics and Information Industry, Guidelines on Data Compliance Audits

Main contents:  The Guidelines divide data compliance audit projects into three categories, external audits, internal audits and special audits, where the term "special audit" means an audit addressing only certain audit objects, a specific audit subject or one in which only certain audit procedures are conducted, e.g. a special audit of enterprise data security compliance, audit of the personal information compliance of an e-commerce enterprise, review of the data compliance system of an Internet operation service provider, assessment of the data security compliance of a financial institution, audit of the personal health information compliance of a medical institution, project of a government authority for the formulation of a data compliance policy, etc.