HUAWEI CLOUD makes trustworthiness the most important aspect of product quality. We are building a globally credible public cloud featuring security, compliance, privacy, transparency, and resilience.

"Stands out with robust security and ALM capabilities. Huawei provides broad security coverage, such as escape prevention and traffic control over different layers." (The Forrester New WaveTM: Public Cloud Enterprise Container Platforms, Q3 2019)

Key Information

Trust White Paper

HUAWEI CLOUD Releases the Industry's First White Paper on Trustworthiness

Learn More

Privacy White Paper

Safeguard strict service boundaries, helping customers protect privacy.

Learn More

Security White Paper

Learn from our extensive experience with cloud security. Make the security industry more open and develop better.

Learn More

Data Security White Paper

Learn about our best practices, and experiences in the data security field and throughout the industry.

Learn More

Containers Enter the Strong Performer Quadrant

"Huawei provides broad security coverage, such as escape prevention and traffic control over different layers." (Forrester, Public Cloud Enterprise Container Platforms, Q3 2019)

First Provider Qualified for Information Security

HUAWEI CLOUD was one of the first companies to obtain information security service qualifications (cloud computing security, level 1) from CNITSEC.

Trustworthiness Features

Trustworthiness Features

  • Security

    Share with you more than 30 years of Huawei's security practices in serving corporate customers around the world.
    Share with you more than 30 years of Huawei's security practices in serving corporate customers around the world.
  • Compliance

    We regularly undergo compliance reviews from third parties, providing cloud services and business runtimes compliant with relevant laws and industry standards.
    We regularly undergo compliance reviews from third parties, providing cloud services and business runtimes compliant with relevant laws and industry standards.
  • Privacy

    Privacy is in our DNA. Our experience in protecting data privacy in hundreds of countries and regions around the world will be leveraged to keep your data safe.
    Privacy is in our DNA. Our experience in protecting data privacy in hundreds of countries and regions around the world will be leveraged to keep your data safe.
  • Transparency

    We strictly comply with the data protection protocols of the countries and regions we provide services for. You have full control over your data.
    We strictly comply with the data protection protocols of the countries and regions we provide services for. You have full control over your data.
  • Resilience

    Full-stack services and 24/7 quick responses protect services from attacks.
    Full-stack services and 24/7 quick responses protect services from attacks.

Certifications

  • Global

  • Regional

Global
  • ISO 27001:2013

    ISO 27001 is a widely accepted international standard that specifies requirements for management of information security systems. Centered on risk management, this standard ensures continuous operation of such systems by regularly assessing risks and applying appropriate controls.

  • ISO 27017:2015

    ISO 27017 is an international certification for cloud computing information security. It indicates that HUAWEI CLOUD's information security management has become an international best practice.

  • ISO 27018:2014

    ISO 27018 is the first international code of conduct that focuses on personal data protection on cloud. This certification indicates that HUAWEI CLOUD has a complete system for the protection of personal data and leads the industry in data security management.

  • ISO 20000-1:2011

    ISO 20000 is an international standard for information technology service management system (SMS). It specifies requirements for service providers to plan, establish, implement, operate, monitor, review, maintain, and improve an SMS to make sure service providers can provide effective IT services that meet the requirements of customers and businesses.

  • ISO 22301:2012

    ISO 22301 is an international standard for business continuity management systems. It specifies requirements for a management system to help organizations identify, analyze, and monitor disruptive incidents and develop a complete business continuity plan to effectively and quickly recover customer businesses so that the organizations can ensure the normal running of core functions and minimize loss and recovery costs.

  • CSA STAR

    Developed by the Cloud Security Alliance (CSA) and the British Standards Institution (BSI), CSA STAR certification is an international certification for different levels of cloud security, aiming to address relative problems of cloud security and to help cloud computing service providers demonstrate the maturity of their services.

  • ISO 27701:2019

    ISO 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to 27001 and 27002 for privacy management within the context of the organization. ISO 27701 specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

  • BS 10012:2017

    BS 10012 provides a best practice framework for a personal information management system that is aligned to the principles of the EU GDPR. It outlines the core requirements organizations need to consider when collecting, storing, processing, retaining or disposing of personal records related to individuals.

  • ISO 29151:2017

    ISO 29151 establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to PII protection.

  • SOC 1 Type II Report

    The SOC audit is an independent, third party audit performed based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA) for the system and internal control of outsourced service providers.

  • SOC 2 Type II Report

    The SOC audit is an independent, third party audit performed based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA) for the system and internal control of outsourced service providers.

  • SOC 2 Type I Report

    The SOC 2 Type I audit report is an independent audit report designed by a third-party audit institution based on the privacy-related control of the HUAWEI CLOUD service system and the standards formulated by the American Institute of Certified Public Accountants (AICPA).

  • SOC 3 Report

    SOC 3 is part of the SOC 2 report and mainly introduces the HUAWEI CLOUD service system. The report is available to the public upon application, and the public can learn about the internal controls of the cloud service provider based on the SOC 3 report.

  • PCI DSS

    Payment Card Industry Data Security Standard (PCI DSS) is a global card industry security standard established by the five main credit card organizations: JCB, American Express, Discover, MasterCard, and Visa. It is the strictest, most authoritative financial institution certification in the world.

  • International Common Criteria EAL3+ Certification

    Common Criteria (CC) certification is a set of international standards for IT products and systems security certification. CC provides assurances that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standardized, and repeatable manner; and at a level that is commensurate with the target environment. HUAWEI CLOUD has earned CC EAL 3+ certification, which was highly recognized worldwide.

Regional
  • Singapore Multi Tier Cloud Security (MTCS) Level 3

    The MTCS standard was developed under the Singapore Information Technology Standards Committee (ITSC). This standard requires cloud service providers to adopt well-rounded risk management and security practices in cloud computing. The HUAWEI CLOUD Singapore region has obtained the level 3 (highest) certification of MTCS.

  • DJCP

    The Dengjiceping standard, or "DJCP" (meaning "graded protection"), is issued by China's Ministry of Public Security (MPS). DJCP is used to guide organizations in China through cyber security development. It has become the general security standard most widely followed by industries in China. HUAWEI CLOUD has been registered and assessed, earning DJCP level 3 certification. Key regions and nodes of HUAWEI CLOUD have been certified as DJCP level 4.

  • Cloud Service Security Certification by Cyberspace Administration of China (CAC)

    The Cloud Service Security Certification is a security review conducted by CAC under the Chinese national standard Information Security Technology — Security Capability Requirements of Cloud Computing Services. The HUAWEI CLOUD e-government cloud platform has earned this certification (enhanced level), indicating that the national cyber security management organizations recognize the security and controllability offered by the HUAWEI CLOUD e-government cloud platform.

  • ITSS Cloud Computing Service Capability Evaluation by MIIT

    The cloud computing service capability assessment is based on the Chinese national standards such as General Requirements for Cloud Computing Cloud Service Operation. Huawei private cloud and public cloud have obtained the level-1 compliance certificate on cloud computing service capability.

  • Trusted Cloud Service (TRUCS)

    TRUCS, one of the most authoritative assessments in the public arena in China, is run by the Data Center Alliance (DCA) and the China Academy of Information and Communications Technology (CAICT).

  • TRUCS Gold O&M Assessment

    TRUCS Gold O&M Assessment is a special assessment of the O&M capabilities of cloud service providers that have earned TRUCS certification. HUAWEI CLOUD has earned TRUCS Gold O&M Assessment, indicating that HUAWEI CLOUD has a sound, fully featured O&M management system that meets the standards required for authoritative cloud service operations and maintenance assurance in China.

  • Certification for the Capability of Protecting Cloud Service User Data

    The certification is a mechanism for evaluating the user data security of cloud services. Key metrics include pre-event prevention, in-event protection, and post-event tracing.

Customer Stories
alt-logo-car
HUAWEI CLOUD Security Services Join with Huawei Vmall to Safeguard Consumers' Online Transactions
alt-logo-car
Advanced Anti-DDoS + WAF, Protecting Nongfu Spring's Services Against DDoS Attacks
Vmall
Nongfu Spring

Create an Account and Experience HUAWEI CLOUD for Free

Register Now