Starting from the practices of grade protection assessment on the information system of Peking Union Medical College Hospital, the paper introduces the information system grade and assessment contents and processes, discusses common problems found in specific work and risk analysis approaches so as to provide a reference for work related to information security.