Certification standards for quality management system
International standard for information technology service management system
International standard for business continuity management systems
CSA STAR gold certification
International certification for different levels of cloud security
Guidance for privacy information management
Best practice framework aligned to the principles of the EU GDPR
Standards identified by privacy risk and impact assessment
Global security standard of the payment card industry
Financial industry certification for protecting the 3DS environment
Healthcare industry standard on personal health information protection
Standard that focuses on establishing processes and frameworks for secure software programs.
SOC 1 Type II Report
Independent audit reports on service providers' security controls
SOC 2 Type II Report
Internal security controls of Huawei Cloud service system
SOC 3 Report
Part of the SOC 2 report available to the public upon application
Highly recognized high-level security standard for cloud service providers
Security standard for information security assessment and data exchange in the automotive industry
Guidelines on the objectives and process of controlling outsourcing service providers
[Singapore] MTCS Tier 3
Highest level of Singapore Multi-Tier Cloud Security (MTCS) on cloud computing
General security standard issued by China's Ministry of Public Security (MPS)
[China] Cloud Computing Service Security Assessment by CAC
Security assessment on cloud platforms that provide services for party and government organs and critical IT infrastructure operators
[China] ITSS Cloud Computing Service Capability Evaluation by MIIT
Cloud computing service capability assessment based on the Chinese national standards such as General Requirements for Cloud Computing Cloud Service Operation
[China] Trusted Cloud Service (TRUCS)
One of the most authoritative assessments run by the Data Center Alliance (DCA) and the China Academy of Information and Communications Technology (CAICT).
[China] TRUCS Gold O&M Assessment
A special assessment of the O&M capabilities of cloud service providers. It recognizes that HUAWEI CLOUD has a sound, fully featured O&M management system for authoritative cloud service operations and maintenance assurance in China.
[China] Certification for the Capability of Protecting Cloud Service User Data
User data security evaluation for cloud services. Key metrics include pre-event prevention, in-event protection, and post-event tracing.
[Hong Kong,China] SRAA
Huawei Cloud has engaged an independent audit organization to conduct an ISAE 3000 audit of its cloud service controls, meeting the SRAA security requirements of the Hong Kong SAR government.
ENS (Esquema Nacional de Seguridad)
Mandatory law for companies in the public sector and their technology suppliers
[Indonesia] Indonesia Financial Industry ISAE 3000 Audit Report
Independent ISAE 3000 audit report that HUAWEI CLOUD complies with information security standards in Indonesia's financial industry
[US] NIST Cybersecurity Framework
Cyber security framework based on the classic IPDRR capability model
Best Practices for Media Content Protection
Huawei Cloud Privacy Certifications
ISO 27018 is the first international code of conduct that focuses on personal data protection on cloud. This certification indicates that HUAWEI CLOUD has a complete system for the protection of personal data and leads the industry in data security management.
ISO 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to 27001 and 27002 for privacy management within the context of the organization.
ISO 29151 establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).
BS 10012 provides a best practice framework for a personal information management system that is aligned to the principles of the EU GDPR. It outlines the core requirements organizations need to consider when collecting, storing, processing, retaining or disposing of personal records.
The 27799 standard provides guidance for the healthcare industry and its associated agencies on how to better protect the confidentiality, integrity, auditability and availability of personal health information.