"We have incorporated years of experience in global compliance management and best practices into our management, technologies, and processes. Through regular external reviews, we provide you with runtimes and services that comply with local laws, regulations, and industry standards."


  • Global

  • Regional

  • ISO 27001:2013

    ISO 27001 is a widely accepted international standard that specifies requirements for management of information security systems. Centered on risk management, this standard ensures continuous operation of such systems by regularly assessing risks and applying appropriate controls.

  • ISO 27017:2015

    ISO 27017 is an international certification for cloud computing information security. It indicates that HUAWEI CLOUD's information security management has become an international best practice.

  • ISO 27018:2014

    ISO 27018 is the first international code of conduct that focuses on personal data protection on cloud. This certification indicates that HUAWEI CLOUD has a complete system for the protection of personal data and leads the industry in data security management.

  • TL 9000 & ISO 9001

    TL 9000 is a set of general quality management system requirements designed by the QuEST Forum for the global ICT industry and provided by ICT product and service providers. ISO 9001 is one of the core quality management system standards included in the ISO 9000 family of standards to demonstrate the organization's ability to deliver products that meet customer requirements and applicable regulatory requirements.

  • ISO 20000-1:2011

    ISO 20000 is an international standard for information technology service management system (SMS). It specifies requirements for service providers to plan, establish, implement, operate, monitor, review, maintain, and improve an SMS to make sure service providers can provide effective IT services that meet business requirements.

  • ISO 22301:2012

    ISO 22301 is an international standard for business continuity management systems. It helps organizations identify, analyze, and monitor disruptive incidents and develop a complete business continuity plan to effectively recover customer businesses and to minimize loss and recovery costs.


    Developed by the Cloud Security Alliance (CSA) and the British Standards Institution (BSI), CSA STAR certification is an international certification for different levels of cloud security, aiming to address relative problems of cloud security and to help cloud computing service providers demonstrate the maturity of their services.

  • ISO 27701:2019

    ISO 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS), and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

  • BS 10012:2017

    BS 10012 provides a best practice framework for a personal information management system that is aligned to the principles of the EU GDPR. It outlines the core requirements organizations need to consider when collecting, storing, processing, retaining or disposing of personal records related to individuals.

  • ISO 29151:2017

    ISO 29151 establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).


    Payment Card Industry Data Security Standard (PCI DSS) is a global card industry security standard established by the five main credit card organizations: JCB, American Express, Discover, MasterCard, and Visa. It is the strictest, most authoritative financial institution certification in the world.

  • PCI 3DS

    The PCI 3DS standard is designed to protect 3DS environments that perform specific 3DS functions or store 3DS data and support 3DS implementation. The evaluation object of PCI 3DS is the 3D protocol execution environment, including the access control server, directory server, and 3DS server functions. and system components, such as firewalls, virtual servers, network devices, and applications, that are within and connected to the 3D execution environment; In addition, the process, process, and personnel management of the 3D protocol execution environment will be evaluated.

  • ISO 27799:2016

    The 27799 standard provides guidance for the healthcare industry and its associated agencies on how to better protect the confidentiality, integrity, auditability and availability of personal health information.

  • NIST Cybersecurity Framework

    The NIST cyber security framework consists of three parts: standards, guidelines, and best practices for managing cyber security risks. The core content of the framework can be summarized as the classic IPDRR capability model, five capabilities: Identify, Protect, Detect, Response, Recovery.

  • SOC 1 Type II Report

    The SOC audit is an independent, third party audit performed based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA) for the system and internal control of outsourced service providers.

  • SOC 2 Type II Report

    The SOC 2 Type II audit is an independent, third party audit performed based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA) for the appropriateness of controls related to the security, availability, and confidentiality of the HUAWEI CLOUD service system.

  • SOC 2 Type I Report

    The SOC 2 Type I audit report is an independent audit report designed by a third-party audit institution based on the privacy-related control of the HUAWEI CLOUD service system and the standards formulated by the American Institute of Certified Public Accountants (AICPA).

  • SOC 3 Report

    SOC 3 is part of the SOC 2 report and mainly introduces the HUAWEI CLOUD service system. The report is available to the public upon application, and the public can learn about the internal controls of the cloud service provider based on the SOC 3 report.

  • International Common Criteria EAL3+ Certification

    Common Criteria (CC) provides assurances that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standardized, and repeatable manner; and at a level commensurate with the target environment. HUAWEI CLOUD has earned CC EAL 3+.

  • M&O certification

    Uptime Institute is a globally recognized data center standardization organization and an authoritative professional certification organization. Huawei cloud data centers have obtained the M&O certification issued by Uptime Institute. The M&O certification symbolizes that HUAWEI CLOUD data center O&M management has been leading in the world.

  • Singapore Multi Tier Cloud Security (MTCS) Level 3

    The MTCS standard was developed under the Singapore Information Technology Standards Committee (ITSC). This standard requires cloud service providers to adopt well-rounded risk management and security practices in cloud computing. The HUAWEI CLOUD Singapore region has obtained the level 3 (highest) certification.

  • DJCP

    The Dengjiceping standard, or "DJCP" (meaning "graded protection"), is issued by China's Ministry of Public Security (MPS), and has become the general security standard most widely followed in China. HUAWEI CLOUD has been certified as DJCP L3 and its key regions and nodes as L4.

  • Cloud Service Security Certification by Cyberspace Administration of China (CAC)

    A security review conducted by CAC under the Chinese national standard Information Security Technology — Security Capability Requirements of Cloud Computing Services. Our e-government cloud platform has earned this certification (enhanced level) with high security and controllability.

  • ITSS Cloud Computing Service Capability Evaluation by MIIT

    The cloud computing service capability assessment is based on the Chinese national standards such as General Requirements for Cloud Computing Cloud Service Operation. Huawei private cloud and public cloud have obtained the level-1 compliance certificate on cloud computing service capability.

  • Trusted Cloud Service (TRUCS)

    TRUCS, one of the most authoritative assessments in the public arena in China, is run by the Data Center Alliance (DCA) and the China Academy of Information and Communications Technology (CAICT).

  • TRUCS Gold O&M Assessment

    TRUCS Gold O&M Assessment is a special assessment of the O&M capabilities of cloud service providers. It recognizes that HUAWEI CLOUD has a sound, fully featured O&M management system for authoritative cloud service operations and maintenance assurance in China.

  • Certification for the Capability of Protecting Cloud Service User Data

    The certification is a mechanism for evaluating the user data security of cloud services. Key metrics include pre-event prevention, in-event protection, and post-event tracing.

Compliance Services

Compliance Services

  • Data Encryption Workshop

    Encrypt data and manage keys and key pairs. Keys and random numbers are generated by third-party validated HSMs. Access to keys is controlled and all operations involving keys are traceable by logs, compliant with relevant laws and regulations.
  • Database Security Service

    Use DBSS to audit every user's behavior and security events. Audit logs can be stored for 180 days or longer, helping you comply with DJCP (graded protection) standards and the Cybersecurity Law of the People's Republic of China.

Download Compliance Certificates

Before downloading the latest certificates, you need to agree to HUAWEI CLOUD Confidentiality Commitment Letter. If a new compliance certificate is available, it will be automatically updated for you to download and use.