MLPS 2.0

What is MLPS? Multi-Level Protection Scheme

The MLPS (Multi-level Protection Scheme) is a government-issued normative document that dates back to 1994 and is primarily used to assess the security level of network systems. Since the release of China’s Cybersecurity Law (CSL) in 2017, all network operators, including foreign companies, are required to comply with the MLPS 2.0 version. This standardization document is designed to help network operators evaluate, maintain, and protect their information systems and networks. It follows a tiered approach that essentially provides a health check for IT systems with varying standards for different security levels. However, it’s essential to note that the MLPS scope does not include medicine or medical approaches. Other relevant laws, such as Password Law, use the MLPS level as a benchmark to determine the appropriate measures to be taken at each level.

How to Determine Your Level

  • Most small- and mid-sized foreign companies would fall in Level 1 or 2.
  • Comparable to TISAX certification (AL2) under GDPR, Level 1 self assessment, since Level 2 3rd party.
  • >= 70 Points as PASS.
  • Apply for > Level2
  • MLPS is per system evaluated. Pure office LAN cannot apply. Must be something with server.
  • WFOEs whose systems have NO data-exchange between foreign sites can apply.
  • E.g. OA/CRM or MRP system can apply.
  •  
  • Starting from 01.Sep.2022, network operators transfers data to abroad should follow the regulation of cross-border transfer of personal data.
  •  

How should we apply for MLPS?

What we offer

Wants to know more about the MLPS 2.0 assessment procedure?