Two departments are promoting the institutionalization and standardization of data management in the certified public accountant industry. The audit working papers of accounting firms are required to be stored domestically-瞭望新时代网

Two departments are promoting the institutionalization and standardization of data management in the certified public accountant industry. The audit working papers of accounting firms are required to be stored domestically

2024-05-17

The promulgation of the Interim Measures for Data Security Management of Accounting Firms aims to comprehensively implement legal requirements such as the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law, provide a basis for accounting firms to carry out data security management activities, accelerate the construction of the basic system of the certified public accountant industry, and build a horizontally coordinated and vertically linked industry data security supervision mechanism. In order to implement the requirements of the Data Security Law, the Network Security Law and other relevant laws, strengthen the data security management of accounting firms, and standardize the data processing activities of accounting firms, the Ministry of Finance and the National Internet Information Office jointly issued the Interim Measures for the Data Security Management of Accounting Firms (hereinafter referred to as the Interim Measures) recently, proposing that accounting firms should establish a sound network security management governance framework, establish and improve the internal network security management system, retain relevant logs involving core data for at least three years, and keep the audit work papers of accounting firms in China according to relevant regulations. The promulgation of the Provisional Measures aims to comprehensively implement legal requirements such as the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law, provide a basis for accounting firms to carry out data security management activities, accelerate the construction of the basic system of the certified public accountant industry, and establish a horizontally coordinated and vertically linked industry data security supervision mechanism. It is reported that the Provisional Measures will come into effect on October 1, 2024. The retention of core data logs for no less than 3 years is a key element of the digital economy. In recent years, the digitalization level of China's industries has significantly improved, and data resources are increasingly playing an important role in creating value for enterprises, especially related data enterprises. Therefore, the issue of accounting data information security closely related to enterprise production and operation, as well as the healthy development of the national economy, urgently needs to be taken seriously. In July 2021, the Opinions of the General Office of the State Council on Further Regulating the Order of Financial Auditing and Promoting the Healthy Development of the Certified Public Accountant Industry emphasized the need to accelerate the construction of the basic system of the certified public accountant industry and timely follow up and improve relevant institutional regulations. The Provisional Measures issued by the two departments this time are in line with the trend of digital economy development and further improve the basic institutional system of the certified public accountant industry. The Interim Measures specify that accounting firms should determine core data, important data, and general data in accordance with relevant laws and regulations and the standards for classifying and grading industry data of the audited entity, and make clear requirements for the storage, related logs, transmission, and other aspects of core data and important data. The audited entity is obliged to inform the accounting firm of the core data and important data related information in the audit materials through business agreements, confirmation letters, and other means. In terms of data storage, information systems storing important data must implement network security level protection requirements of level three or above, and information systems storing core data must implement level four network security level protection requirements. In terms of log management, it is required that logs related to core data be retained for no less than 3 years, and logs related to important data be retained for no less than 1 year. Among them, logs related to providing, entrusting, and jointly processing important data to others shall be retained for no less than 3 years

Edit：Ying Ying Responsible editor：Shen Chen

Source：http://www.legaldaily.com.cn

Special statement: if the pictures and texts reproduced or quoted on this site infringe your legitimate rights and interests, please contact this site, and this site will correct and delete them in time. For copyright issues and website cooperation, please contact through outlook new era email：lwxsd@liaowanghn.com

Return to home page Return to list