Abstract: The data related to procurement business of railway enterprises and institutions are characterized by large volume, miscellaneous types and high value. It is urgent to carry out security governance for this kind of data. This paper expounded the necessity of security governance of data related to procurement business, and conducted in-depth discussion on organization construction, status quo investigation, data classification and grading, risk assessment, system construction and staff training. It can provide reference for railway enterprises and institutions to improve the capability and efficiency of confidentiality work in the procurement business and eliminate information leakage incidents.