China Compulsory Certificate

The China Compulsory Certificate mark, commonly known as a CCC Mark, is a compulsory safety mark for many products imported, sold or used in the Chinese market. It was implemented on May 1, 2002 and became fully effective on August 1, 2003.[1]

It is the result of the integration of China's two previous compulsory inspection systems, namely "CCIB" (Safety Mark, introduced in 1989 and required for products in 47 product categories) and "CCEE" (also known as "Great Wall" Mark, for electrical commodities in 7 product categories), into a single procedure.

Applicable products

The CCC mark is required for both Chinese manufactured and foreign imported merchandise. Consequently, there is a relevant and useful catalogue of CCC-compulsory products just for this purpose. Further, if any commodities or other general vendibles need to be certified, then it is a fittingly practical undertaking for one to also look at the Guobiao standards - the National Standards of China used in the testing process. The catalogue itself addresses the following sets of goods,[2] in addition to their parts:

Administration

The CCC mark is administered by the CNCA (Certification and Accreditation Administration). The China Quality Certification Centre (CQC) is designated by CNCA to process CCC mark applications and defines the products that need CCC.

The certification process usually takes between 4–8 months and includes the following steps:[3]

  1. Submission of an application and supporting materials
  2. Type Testing. A CNCA-designated test laboratory in China will test product samples
  3. Factory Inspection. CQC will send representatives to inspect the manufacturing facilities
  4. Evaluation of the results
  5. Approval of the CCC Certificate (or failure and retesting)
  6. Annual Follow-up Factory Inspections by Chinese officials

Follow-Up Certification

The CCC certificate and permission of printing the CCC mark must be renewed annually as part of a follow-up certification. Part of the follow-up certification is also a one-day factory audit. The proceedings of the follow-up certification are comparable with those of the initial certification, but overall much shorter, simpler and associated with a lower cost. No further product testing in China is typically requested and the audit will be kept compact.

IT security products

On April 27, 2009, China announced 13 categories of the IT security sector products that must conform to the additional authority that was newly bestowed on the CCC (China Compulsory Certificate), and this requirement was to be put into effect on May 1, 2009. In view of the security measures taken by China, there was a seemingly high likelihood that they would request the full disclosure of all source codes running on any and all devices, imported or otherwise. The divulgence of such source codes is of great concern to countries like the U.S., Japan, the EU, and South Korea; all four asked China to reverse this decision and objected to the implementation of the Chinese plan. Thus, the certification agents were soon limited to the organizations and entities within China - a compromise of sorts. However, despite this restriction, there still arose other concerns as to whether source codes and trade secrets could be leaked to the private sectors. In response to these enduring concerns, China altered the previously planned CCC policy programme. Instead of administering broad and stringent encroachments upon the relevant categories of imports (primarily, computer technology), they decided to engage in an alternate regulatory action solely affecting government procurement projects, while simultaneously postponing the enactment of the policy programme to May 1, 2010.[4][5][6] China also stated that the number of applicable CCC product categories is not to expand past the current 13 already in place.

List of IT security products

The 13 divisions or subsets of the products are:[7][8]

  1. Secure operating system package
  2. Organisational systems for the isolation, safety, and, exchange of information
  3. Secure network routing devices
  4. Security supervision system
  5. Secure database architecture technology
  6. Countermeasure program for spam (trouble/nuisance) mail
  7. Firewall security system
  8. Invasion and detection system
  9. Data backup/recovery product
  10. Network security involving LAN card and hub switching
  11. Network vulnerability scanning programs
  12. Web site recovery product
  13. Secure Smart card and advanced smart card operating system technology

See also

References

  1. "Certification in Brief". China Quality Center (CQC). Retrieved 2013-03-13.
  2. "China Certification". CCC Mandatory Products. USA: China Certification Corporation. 14 October 2014. Archived from the original on 10 October 2014. Retrieved 14 October 2014. This catalogue of products requiring certification was subject to continuous changes and has expanded since its first issue... The following table provides a brief overview of products for which certification is mandatory.
  3. "Certification Process". China Certification. Retrieved 2013-03-13.
  4. "Information Security, U.S.-China Joint Commission on Commerce and Trade". USTR. 2009-10-29. Retrieved 2009-12-31.
  5. "China, CCC Certification News Update". nemko.com. 2009-09-10. Retrieved 2009-09-18.
  6. "Chinese certification of information security products". nemko.com. 2009-08-28. Retrieved 2009-09-18.
  7. Note that product naming is literal translation from China published wording to Japanese by several number of Japanese industrial associations, then further literary translated to English.
  8. "中国CCC 強制認証対象品目一覧表2009 年版" [List of CCC applicable products, 2009 edition] (PDF) (in Japanese). Shibuya, Tokyo: JET:Japan Electrical Safety & Environment Technology Laboratories (電気安全環境研究所). p. 9/10. Archived from the original (PDF) on 2009-08-28. Retrieved 2009-09-18.

General references

External links