Product certification is divided into three phases:

(1) Application phase;

(2) Testing and evaluation phase; and

(3) Certification phase.

The detailed certification procedure is:

(1) The applicant submits an application form to the Shanghai Information Security Testing Evaluation and Certification Center. The form can be downloaded from www.shtec.gov.cn;

(2) The testing center examines whether the security objectives conform to the requirements of the certification. If it passes the examination, an acceptance notice is sent to the applicant. Otherwise, the application is not accepted;

(3) After the payment of the testing and certification fee, the applicant should send the sample to the testing center for evaluation. Technicians or development personnel should cooperate with the evaluation if necessary;

(4) After the testing and evaluation takes place, a testing report will be submitted by the testing center to the applicant;

(5) A certification decision meeting is held by the National Certification Center and a certification decision is formed. For products that have been certified, they are awarded a Product Certification and a certification mark. For products not yet certified, the applicant may apply for re-testing after improving the products.