Press Releases > HUAWEI CLOUD Earns ISO 27799 Information Security Management Certification

HUAWEI CLOUD Earns ISO 27799 Information Security Management Certification

Sep 16, 2020

The British Standards Institution (BSI), an authoritative international standards organization, announced at the Huawei Developer Conference 2020 in September that HUAWEI CLOUD had obtained the ISO 27799 information security management certification. Huawei is the world's first cloud service provider to earn this certification. This reflects HUAWEI CLOUD's information security capabilities in the healthcare industry and its efforts in fighting the global COVID-19 pandemic and protecting patient privacy. Zhang Yuxin, Chief Technology Officer of HUAWEI CLOUD and Paulo Lopes, Director of BSI's China Strategic Partnership, attended the ceremony.



Zhang Yuxin (left) accepts the ISO 27799 certificate issued by Paulo Lopes (right)

I. What Has Allowed HUAWEI CLOUD to Become the World's First Cloud Service Provider to Obtain ISO 27799 Certification?

ISO 27799 is a system standard for information security management that is widely recognized in the healthcare industry. It is also a general security standard recognized by the European Committee for Standardization (CEN). ISO 27799 aims to provide optimal guidance for healthcare and related industries to protect the confidentiality, integrity, availability, and auditability of personal health information.

The ISO 27799 standard has high requirements, which prevents most vendors from acquiring it. How did HUAWEI CLOUD become the world's first cloud service provider to earn this certification? The answer lies in HUAWEI CLOUD's comprehensive security system, which is inclusive, compliant, and efficient.

The comprehensive HUAWEI CLOUD security system consists of six levels of technical systems: security service, data security management, global security operation, security governance and certification, service R&D security, and a trustworthy cloud platform.

HUAWEI CLOUD's ecosystem has 12 cloud native services and more than 200 services in total. They work together to protect the workloads, applications, and data on the cloud, helping predict and avoid threats.

HUAWEI CLOUD data security services protect customer data throughout their lifecycle, which includes generation, storage, sensitive data identification, encrypted transmission, and secure destruction. HUAWEI CLOUD helps customers identify files in more than 200 formats with an accuracy of 95%. Its data encryption capabilities have been integrated into more than 40 cloud services.

HUAWEI CLOUD has security operation centers in the Asia Pacific, Europe, and Latin America regions, providing 24/7 intelligent threat awareness and automatic defense. Every year HUAWEI CLOUD protects users from hundreds of billions of network attacks, hundreds of thousands of serious vulnerabilities, DoS attacks of over 1 Tbit/s, and hundreds of millions of account and password cracking attempts.

HUAWEI CLOUD improved the security level of its cloud platform based on authoritative international standards. HUAWEI CLOUD has obtained numerous certifications in recent years, including PCI-DSS and DJCP 4 in 2018; ISO 22301, TL 9000, and ISO/IEC 27701 in 2019; Singapore OSPAR, NIST CSF, PCI 3DS, and ISO 27799 in 2020. HUAWEI CLOUD shares its practical experience, making it a major contributor to the cloud security alliance and trusted cloud standards.

HUAWEI CLOUD protects every stage of the service lifecycle, including project initiation, design, development, rollout, and operations. Its platform automatically checks cloud service code millions of times a year to ensure cloud-intrinsic security.

HUAWEI CLOUD has enhanced 16 different aspects of its platform security, including the physical security of its data centers, infrastructure security, service security, operations security, and personnel management. Its platform is measured by more than 1,500 metrics and is strictly compliant with the most stringent standards. HUAWEI CLOUD adds hundreds of new metrics every year to monitor its cloud platform, ensuring that it evolves with cloud-intrinsic security.

II. Rich Experience in the Healthcare Industry

HUAWEI CLOUD has accumulated a wealth of experience in the healthcare industry. Using its advanced cloud service capabilities, including cloud-network synergy, big data, and artificial intelligence, HUAWEI CLOUD works with top healthcare partners to launch solutions, including digital hospitals, pharmaceutical clouds, and genetic sequencing. HUAWEI CLOUD has served customers including HPGC, KingMed Diagnostics, Hope Group, and Beijing Hospital, resolving pain points such as data interconnection among medical service systems, construction and maintenance of hospital systems in batches, collaboration between mobile medical offices, and network security protection. HUAWEI CLOUD has a deep understanding of healthcare security, including privileged access control, sensitive data encryption, security attack and defense, and security personnel management of medical institutions. This level of insight is what has allowed HUAWEI CLOUD to obtain the ISO 27799 certification.

III. HUAWEI CLOUD Is Committed to Protecting Patient Privacy with Its Comprehensive Security System

"All healthcare organizations are required to use strict security requirements to protect the personal health information entrusted to them, regardless of the scale, location, and model of their services." Zhang Yuxin said at the certification ceremony, "As more and more medical organizations migrate to the cloud, cloud service providers should comply with the same strict security requirements and work with providers to protect patient privacy. ISO 27799 certification is the fruit of HUAWEI CLOUD's in-depth understanding of healthcare digitization and accumulation of patient privacy protection technologies. It is also an important exploration of HUAWEI CLOUD's advanced security technologies for protecting information security in the healthcare industry. "