Technology Security and IT in China: Benchmarking and Best Practices.

As companies increasingly use information technology solutions to provide more goods and services to their customers around the world, more and more are reporting concerns about the effects of China’s technology policies on their China-based and multinational companies.

To shed light on policy concerns and operating best practices in China’s data management and information technology (IT) regulatory framework, the US-China Business Council (USCBC), in cooperation with the China CIO Alliance (CCA), interviewed China-based chief information officers (CIOs), chief technology officers, and China or regional IT directors of more than 40 multinational companies in sectors including industrial equipment, chemical manufacturing, healthcare, automotive, financial services, retail, and other services.

The results of those surveys have been compiled into a new USCBC report, Technology Security and IT in China: Benchmarking and Best Practices. Among the findings:

  • PRC security objectives are outweighing more pragmatic approaches to IT policies that would incorporate the best international products and services available. The Chinese government is promoting the use of “indigenous,” or domestic, IT products, which are ambiguously defined as “secure and controllable” technology, and discouraging the use of foreign products and technologies.
  • Chinese development plans such as Made in China 2025, Internet+, and the 13th Five-Year Plan emphasize the development of smart- and internet-based technology, which carry an implicit recognition of the benefits of global information networks. Bur formal regulations in the financial and healthcare sectors, as well as standards related to cloud computing, prohibit the flow of certain data across China’s borders, thereby limiting the effectiveness of national development plans.
  • The role of the Chief Information Officer in China has expanded beyond maintaining basic IT operations to encompass digital strategy. This new scope requires traditional technical skills and knowledge of the policy environment. The rapidly changing environment requires CIOs to have a grasp of policies and regulations that can affect their everyday work. This understanding is vital in communicating back to headquarters which technology solutions can and cannot be implemented in the China market.