To achieve compliance, HUAEWI CLOUD inherits complete Huawei management systems as well as IT system building and operations experience, manages integration and O&M of cloud services proactively, and innovates continuously.
HUAWEI CLOUD shares compliance responsibilities with users: HUAWEI CLOUD is responsible for securing underlying infrastructures, and users can obtain related compliance information. users can obtain necessary assistance from HUAWEI CLOUD for compliance certification. Users are responsible for securing applications and purchased operating systems deployed in clouds.
HUAWEI CLOUD is certified by the following global authorities
CSA STAR Gold Certification
CSA STAR certification is a hardened version of ISO/IEC 27001 information security management system based on cloud control matrix (CCM) for the purposes of enhancing the cloud computing industry trust and transparency. CSA STAR certification is jointly developed by Cloud Security Alliance (CSA) and British Standards Institution (BSI), which is an authoritative standard development and preparation body as well as certification service provider worldwide. Developed and promoted by BSI, ISO 27001 is currently the most authoritative, strict, and widely recognized standard used for managing information security. STAR certification is the first authoritative certification of cloud security worldwide. It aims to cope with specific issues related to cloud security and help cloud computing service providers show their service maturity.
HUAWEI CLOUD has passed the STAR Gold Certification awarded by BSI. This proves that HUAWEI CLOUD is the leading product in information security management and cloud security maturity. It also indicates that security and availability of the HUAWEI CLOUD platform has achieved the highest international standard.
ISO 27001 is a security standard widely used worldwide, and it specifies requirements for information security management systems. ISO 27001 provides a way to assess systems that manage company and customer information based on periodic risk.
ISO 27001 certification proves that the technology system and management system of HUAWEI CLOUD meets requirements of most authoritative information security standard globally.
CSA C-STAR Certification
Cloud Security Alliance (CSA) authorizes China CEPREI Laboratory, an independent third-party audit institute, for cloud service security certification named CSA's Security Trust and Assurance Registry (CSA STAR or C-STAR for short) in China. In addition to the Cloud Controls Matrix (CCM) from CSA, CEPREI adds requirements for classified protection and personal information protection guide. CSA STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR certification demonstrates that HUAWEI CLOUD security meets most advanced standards and requirements in the world.
Ministry of Public Security (MPS) of China for Information Security Protection Certification (Class 3)
Classified information security protection includes five stages: classification, filing, security building and rectification, assessment of the information security class, and information security check.
Institutes under MPS assess HUAWEI CLOUD. As a basic mechanism, policy, and method, classified information security protection promotes healthy development of informatization and is the essential guarantee for national security, social order, and public interests.
Certification of classified information security protection illustrates that the technology system and management system of HUAWEI CLOUD meets security requirements of most authoritative national government agency.
Cyberspace Administration of China (CAC) for Cloud Service Security Certification
CAS led formulation of the standard for managing cloud service cyber security oriented at government agencies, which is the most comprehensive and strict security standard for cloud services in China. CAC certification shows that Huawei can provide government customers with secure and enterprise cloud services compliant with the standard.
Trusted Cloud Service (TRUCS) is the first certification in China for cloud service offerings. With the guidance from Department of Communications Development at China's Ministry of Industry and Information Technology (MIIT), Cloud Computing Promotion and Policy Forum set up a trusted cloud service workgroup for TRUCS. The core objective of TRUCS is to build up an assessment system for cloud vendors, so that users can select secure and trusted cloud vendors.
TRUCS certification includes 16 metrics in 3 categories, covering 90% information that a cloud vendor needs to commit to or inform users (based on the SLA). TRUCS systematically assesses implementation of 16 metrics for a cloud vendor, which is a basis for users to select cloud vendors.
Being certified by TRUCS indicates that HUAWEI CLOUD complies with the most detailed certification standard for cloud service data and service guarantee in China.
Gold O&M is designed to assess O&M capability of cloud service providers who have passed trusted cloud certification. Gold O&M assesses the process management, management system function sufficiency, and automatic management of O&M systems. Gold O&M covers more than two hundred items and makes a comprehensive assessment on overall O&M management of the cloud service providers. Huawei has passed the Gold O&M assessment with great grades. This shows that Huawei cloud services have a sound O&M management system that meets the cloud service O&M assurance requirements specified in the certification standards in China. This also proves Huawei can provide customers with efficient, stable, and secure cloud services.
International Common Criteria EAL3+ Certification
The Common Criteria for Information Technology Security Evaluation (CC) is an international standard for computer security certification. The CC specifies a group of security function and security assurance requirements. It also provides a benchmark, which is Evaluation Assurance Level (EAL), for evaluating IT security based on those requirements. HUAWEI CLOUD FusionSphere has passed the CC EAL 3+ certification.