On January 5, 2014, the National Information Security Standardization Technical Committee (NISSTC) issued the Information Security Technology - Guidance on Managing Information Security Risks (Draft for Comment) (the "Draft") to solicit public opinions by March 3, 2024.

The Draft offers guidance on the management of information security risks, which is applicable to all organizations, regardless of their type, scale, or area. The Draft replaces the previous GB/T 31722-2015 Information Technology - Security Techniques – Information Security Risk Management. Compared with the previous edition, in additional to some structural adjustments and editorial modifications, it proposes several technical changes, which mainly include adding some terms and definitions in "risk scenario", deleting some articles and contents in "background", changing some contents of iterative risk assessment and/or risk treatment in the "information security risk management process", adding the "information security risk management cycle", and changing the expression of "environment establishment".

(Source: National Information Security Standardization Technical Committee)