"We have incorporated years of experience in global compliance management and best practices into our management, technologies, and processes. Through regular external reviews, we provide you with runtimes and services that comply with local laws, regulations, and industry standards."

Certifications

  • Global

  • Regional

Global
  • ISO 27001:2013

    ISO 27001 is a widely accepted international standard that specifies requirements for management of information security systems. Centered on risk management, this standard ensures continuous operation of such systems by regularly assessing risks and applying appropriate controls.

  • ISO 27017:2015

    ISO 27017 is an international certification for cloud computing information security. It indicates that HUAWEI CLOUD's information security management has become an international best practice.

  • ISO 27018:2014

    ISO 27018 is the first international code of conduct that focuses on personal data protection on cloud. This certification indicates that HUAWEI CLOUD has a complete system for the protection of personal data and leads the industry in data security management.

  • ISO 20000-1:2011

    ISO 20000 is an international standard for information technology service management system (SMS). It specifies requirements for service providers to plan, establish, implement, operate, monitor, review, maintain, and improve an SMS to make sure service providers can provide effective IT services that meet business requirements.

  • ISO 22301:2012

    ISO 22301 is an international standard for business continuity management systems. It helps organizations identify, analyze, and monitor disruptive incidents and develop a complete business continuity plan to effectively recover customer businesses and to minimize loss and recovery costs.

  • CSA STAR

    Developed by the Cloud Security Alliance (CSA) and the British Standards Institution (BSI), CSA STAR certification is an international certification for different levels of cloud security, aiming to address relative problems of cloud security and to help cloud computing service providers demonstrate the maturity of their services.

  • ISO 27701:2019

    ISO 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS), and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

  • BS 10012:2017

    BS 10012 provides a best practice framework for a personal information management system that is aligned to the principles of the EU GDPR. It outlines the core requirements organizations need to consider when collecting, storing, processing, retaining or disposing of personal records related to individuals.

  • ISO 29151:2017

    ISO 29151 establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).

  • SOC 1 Type II Report

    The SOC audit is an independent, third party audit performed based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA) for the system and internal control of outsourced service providers.

  • SOC 2 Type II Report

    The SOC 2 Type II audit is an independent, third party audit performed based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA) for the appropriateness of controls related to the security, availability, and confidentiality of the HUAWEI CLOUD service system.

  • SOC 2 Type I Report

    The SOC 2 Type I audit report is an independent audit report designed by a third-party audit institution based on the privacy-related control of the HUAWEI CLOUD service system and the standards formulated by the American Institute of Certified Public Accountants (AICPA).

  • SOC 3 Report

    SOC 3 is part of the SOC 2 report and mainly introduces the HUAWEI CLOUD service system. The report is available to the public upon application, and the public can learn about the internal controls of the cloud service provider based on the SOC 3 report.

  • PCI DSS

    Payment Card Industry Data Security Standard (PCI DSS) is a global card industry security standard established by the five main credit card organizations: JCB, American Express, Discover, MasterCard, and Visa. It is the strictest, most authoritative financial institution certification in the world.

  • International Common Criteria EAL3+ Certification

    Common Criteria (CC) provides assurances that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standardized, and repeatable manner; and at a level commensurate with the target environment. HUAWEI CLOUD has earned CC EAL 3+.

Regional
  • Singapore Multi Tier Cloud Security (MTCS) Level 3

    The MTCS standard was developed under the Singapore Information Technology Standards Committee (ITSC). This standard requires cloud service providers to adopt well-rounded risk management and security practices in cloud computing. The HUAWEI CLOUD Singapore region has obtained the level 3 (highest) certification.

  • DJCP

    The Dengjiceping standard, or "DJCP" (meaning "graded protection"), is issued by China's Ministry of Public Security (MPS), and has become the general security standard most widely followed in China. HUAWEI CLOUD has been certified as DJCP L3 and its key regions and nodes as L4.

  • Cloud Service Security Certification by Cyberspace Administration of China (CAC)

    A security review conducted by CAC under the Chinese national standard Information Security Technology — Security Capability Requirements of Cloud Computing Services. Our e-government cloud platform has earned this certification (enhanced level) with high security and controllability.

  • ITSS Cloud Computing Service Capability Evaluation by MIIT

    The cloud computing service capability assessment is based on the Chinese national standards such as General Requirements for Cloud Computing Cloud Service Operation. Huawei private cloud and public cloud have obtained the level-1 compliance certificate on cloud computing service capability.

  • Trusted Cloud Service (TRUCS)

    TRUCS, one of the most authoritative assessments in the public arena in China, is run by the Data Center Alliance (DCA) and the China Academy of Information and Communications Technology (CAICT).

  • TRUCS Gold O&M Assessment

    TRUCS Gold O&M Assessment is a special assessment of the O&M capabilities of cloud service providers. It recognizes that HUAWEI CLOUD has a sound, fully featured O&M management system for authoritative cloud service operations and maintenance assurance in China.

  • Certification for the Capability of Protecting Cloud Service User Data

    The certification is a mechanism for evaluating the user data security of cloud services. Key metrics include pre-event prevention, in-event protection, and post-event tracing.

Compliance Services

  • Data Encryption Workshop

    Encrypt data and manage keys and key pairs. Keys and random numbers are generated by third-party validated HSMs. Access to keys is controlled and all operations involving keys are traceable by logs, compliant with relevant laws and regulations.
  • Database Security Service

    Make your databases comply with HIPAA, SOX for accounting, and PCI DSS standards. Sensitive data can be detected and dynamically masked. Audit records are stored remotely to meet audit compliance requirements.

Download Compliance Certificates

Before downloading the latest certificates, you need to agree to HUAWEI CLOUD Confidentiality Commitment Letter. If a new compliance certificate is available, it will be automatically updated for you to download and use.

Download