Security Compliance

HUAWEI CLOUD has inherited the complete Huawei management system as well as the IT system building and operation experience. Integration and O&M of cloud services are proactively managed and continuously optimized.

HUAWEI CLOUD is responsible for the security of underlying infrastructures, and users are responsible for the security of applications and purchased OSs deployed in clouds. HUAWEI CLOUD can assist users with required compliance certification.

HUAWEI CLOUD services and platforms have received the following certifications:

CSA STAR Gold Certification

The first authoritative certification of cloud security worldwide, CSA STAR certification is based on the Cloud Controls Matrix (CCM) and is a hardened version of the ISO/IEC 27001 information security management system. CSA STAR certification was developed by the Cloud Security Alliance (CSA) and the British Standards Institution (BSI), an authoritative standard development and preparation body as well as certification service provider worldwide. This certification aims to increase trust and transparency in the cloud computing industry and help cloud computing service providers show their service maturity.

HUAWEI CLOUD has received the CSA STAR Gold Certification, indicating the platform's leadership in information security management and cloud security maturity, as well as compliance with the highest international standards of security and availability.

For details, see

ISO 27001:2013

ISO 27001 is a widely used international standard that specifies requirements for information security management systems. Based on periodic risk evaluation, this standard provides a method for assessing systems that manage company and customer information.

This certification shows that the technology and management systems of HUAWEI CLOUD meet the most authoritative global information security standards.

For details, see

CSA C-STAR Certification

Authorized by the Cloud Security Alliance (CSA), CSA Security Trust and Assurance Registry (C STAR) is a cloud service security certification developed by China CEPREI Laboratory, an independent third-party auditing institute. In addition to the Cloud Controls Matrix (CCM) from CSA, CEPREI has added requirements for classified protection and a personal information protection guide. CSA STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, helping users assess the security of cloud providers they use or are considering.

This certification shows that HUAWEI CLOUD security meets the most advanced standards and requirements in the world.

For details, see

Information Security Protection Certification (Class 3) - Ministry of Public Security (MPS) of China

As a basic mechanism, policy, and method, China’s Ministry of Public Security (MPS) Information Security Protection Certification supports the development of informatization and protects national security and public interests. In the MPS certification process, information security protection is assessed based on five stages: classification, filing, security building and rectification, assessment of information security levels, and information security checking.

This certification shows that the technology and management systems of HUAWEI CLOUD meet the security requirements of the most authoritative Chinese government agency.

Cloud Service Security Certification - Cyberspace Administration of China (CAC)

The CAC Cloud Service Security Certification is based on a government agency-oriented standard for the security management of cloud services. This certification shows that the enterprise cloud services Huawei offers to government customers comply with the most comprehensive and rigorous security standard for cloud services in China.


Trusted Cloud Service (TRUCS) is the first certification in China for cloud service products. Under the guidance of the Department of Communications Development at China's Ministry of Industry and Information Technology (MIIT), the Cloud Computing Promotion and Policy Forum established TRUCS as a trusted cloud service workgroup. The core objective of TRUCS is to provide a system for evaluating cloud vendors, enabling users to select secure and trusted cloud vendors.

TRUCS systematically assesses a cloud vendor's implementation of 16 metrics in 3 categories, covering 90% of the information that the vendor must commit to or inform users of (based on the SLA).

This certification shows that HUAWEI CLOUD complies with the most detailed certification standard for cloud service data and service assurance in China.

Gold O&M

The Gold O&M certification is designed to assess the O&M capability of cloud service providers who have passed trusted cloud certification. Gold O&M assesses the process management, adequacy of management system functions, and automatic management of O&M systems. Covering more than 200 items, Gold O&M comprehensively assesses the overall O&M management capability of cloud service providers. HUAWEI CLOUD passed the Gold O&M assessment with excellent results.

This certification shows that HUAWEI CLOUD services have a sound O&M management system that meets the cloud service O&M assurance requirements specified in Chinese certification standards. This also shows that HUAWEI CLOUD services are efficient, stable, and secure.

International Common Criteria EAL 3+ Certification

The Common Criteria for Information Technology Security Evaluation (CC) is based on an international standard for computer security. The CC specifies a group of requirements for security functions and security assurance. These requirements are evaluated based on a benchmark called Evaluation Assurance Level (EAL). HUAWEI CLOUD FusionSphere has passed CC EAL 3+.