
Internet Medical Health Platform
To implement national laws and regulations such as the Data Security Law and the Personal Information Protection Law, and to promote the healthy development of the data element market, the China Academy of Information and Communications Technology (hereinafter referred to as “CAICT”) has continuously carried out Data Security Management Capability (DSMC) assessments under the “Zhuoxin Big Data Initiative.” On September 22, 2025, PINGAN GOOD DOCTOR (Ping An Health Internet Co., Ltd., hereinafter referred to as “PINGAN GOOD DOCTOR”) successfully passed the reassessment, obtaining the industry’s first DSMC recertification certificate specifically for the medical and healthcare business sector.It is reported that PINGAN GOOD DOCTOR initially obtained certification under this system in 2022, and its recent completion of the recertification process ahead of peers marks a milestone in the company’s ESG-driven sustainable development, holding significant demonstrative value for the industry.。

It is reported that data security governance is a dynamic and continuously optimized process. The DSMC assessment establishes a three-year validity period, aiming to encourage certified enterprises to maintain the advancement and effectiveness of their data security management systems. The recertification upon expiration is not a mere repetition of the initial audit, but a comprehensive evaluation of the enterprise’s governance practices over the past three years. This recertification was conducted in accordance with the updated T/ISC 0059—2024 “Specification for Data Security Management Capability Assessment” standard. The new standard imposes higher requirements on the completeness of corporate management systems, the effectiveness of technical tools, and the standardization of process execution.
Data security and privacy protection are the cornerstones of PINGAN GOOD DOCTOR’s steady development. It is understood that, as of 2024, PINGAN GOOD DOCTOR has obtained multiple information security management system certifications, including ISO 27001 for Information Security Management Systems, ISO 27701 for Privacy Information Management Systems, and ISO 27799 for Health Informatics Security Management Systems, with certification coverage extending to 100% of the company’s business scope. The company continues to focus on building foundational information security capabilities, having completed the domestic substitution of its Web Application Firewall (WAF) and further enhanced the comprehensive security defense (XDR) capabilities of its self-developed business systems, achieving a 35% improvement in alert detection capability compared to the original commercial products. Meanwhile, the company ensures effective protection of data security and user privacy by regularly conducting information security emergency drills and employee security awareness training. Furthermore, through regular participation in national-level cyber attack and defense drills (“Hu Wang” exercises) and ongoing employee security awareness training, the company ensures the dynamic effectiveness of its data security protections.。
A representative from PINGAN GOOD DOCTOR stated that data security and personal information protection are the baseline for compliant corporate operations and an unshirkable responsibility, as well as a key factor in the company’s sustainable development. In recent years, the company has focused on four core pillars: “Comprehensive Sustainability,” “Advanced Technology Empowerment,” “Robust Information Security Protection,” and “Extensive Social Responsibility.” By implementing its “CARE” sustainable development strategy, the company is committed to providing users with high-quality, efficient, and reliable healthcare and elderly care services. Looking ahead, the company will take this industry-first certification as a new starting point to continuously deepen its privacy protection practices, building a solid wall of digital trust for its users.。
The China Academy of Information and Communications Technology (CAICT) stated that it will continue to improve the DSMC assessment system, planning to incorporate the latest national standards, such as GB/T 41479-2022 “Information Security Technology—Security Requirements for Network Data Processing,” into the assessment framework. This aims to provide higher-level guidance for enterprise data security construction through more comprehensive and rigorous processes. Meanwhile, CAICT calls on more enterprises, especially those at the forefront of data processing, to actively participate in DSMC assessments, transforming data security from a cost center into a value center and a cornerstone of trust. The “Trusted Big Data Initiative” will work together with all industry stakeholders to continuously promote best practices in data security governance, building a solid and trustworthy security barrier for the high-quality and sustainable development of China’s digital economy.