China Information Security (CCIS) Certification Service

General Information:

Starting in the fall of 2015, the Chinese government began to allow foreign manufacturers to apply for CCIS Certification.  China Certification of Information Security, or CCIS, is the information security equivalent of  China Compulsory Certification (CCC). It is required for information security products to be procured by the Chinese government, and in the near future is expected to be mandatory for some categories of commercially available products.

The CCIS certification is administered by China Information Security Certification Center (ISCCC).  There are currently eight product categories within CCIS:

• Border security, including firewalls, network security separated cards and line selectors, and security isolation and information exchange products
• Communication security, such as secure routers
• Authentication and access control, such as smart card chip operating systems
• Data security, including data backup and recovery products, secure operating systems, and secure database systems
• Content security, such as anti-spam products
• Valuation, audit, and control, including intrusion detection systems, network vulnerability scanning products, and security audit products
• Application security, such as website recovery products

Obtaining China Certification of Information Security is a multi-step process, including an application, type testing, factory inspection, product marking, and follow-up inspections after certification.

The CCIS mark is based on type testing to Chinese national standards, which outline the technical requirements.  The mark diagram is as follows:

Obtaining CCIS certification can be tricky, and delays can occur from not going in with the right test plan, or having the right support equipment for testing.  The following are preventable issues that can cause delays:

• The only Certification Body that currently issues the CCIS mark is largely unknown to North American certification agencies
• Initial test plan not designed to leverage base model number
• Products are not sent with the correct test software
• Certification laboratories make little effort to resolve product operating deficiencies during testing.
• Test samples are delayed in shipping, or get stuck in China customs
• Product operating details are not well translated to Chinese test lab
• Certificate expirations cause unexpected lapse in coverage

G&M Compliance’s Beijing office was established in 2005.  We utilize the following practices to achieve a fast and efficient certification experience:

• G&M has a long-standing relationship and proven track record in dealing with ISCCC, the CCIS certification body. In fact, G&M was the first foreign homologation company to receive a certificate from ISCCC shortly after their inception in 2006.
• We develop a test plan that maximizes certification coverage of current and future products based on product type.
• We troubleshoot sample issues at the test lab if necessary, to keep the process moving forward.
• Assist in shipping samples, and maintain good relationships with customs clearance agencies to expedite the clearance process
• Rely on China team’s experience to communicate directly with customers and minimize communication gaps.
• Track and alert customers of upcoming renewals of CCIS certificates, with G&M’s Certificate Alert and Tracking System (CATS)

G&M Compliance has operations in the U.S. and China to ensure your product utilizes the right testing process, and moves through certification efficiently.  Our compliance experts understand the technical requirements necessary to minimize the risk of failure, and stay updated on ever-changing regulations.

For more information, additional questions, or to request a quote – Please submit an online RFQ, Contact Us, or call.