ISO/IEC 27017

ISO/IEC 27017

The international standard and guidelines for information security controls applicable to the provision and use of cloud services

The international standard and guidelines for information security controls applicable to the provision and use of cloud services

Frequently asked questions about ISO/IEC 27017

Frequently asked questions about ISO/IEC 27017

What's ISO/IEC 27017?

ISO/IEC 27017 is an international standard and code of practice for information security controls based on ISO/IEC 27002 for cloud services. Huawei Cloud has earned ISO/IEC 27017 certification, which certifies its ability to provide a secure, reliable cloud environment with all the appropriate information security controls in place.     In addition, Huawei Cloud invites third-party organizations to periodically review its information security management systems based on changing conditions. This ensures that Huawei Cloud services are always protected by industry-leading information security management practices.

Which data centers are covered by Huawei Cloud's ISO/IEC 27017 certification?

The ISO/IEC 27017 certification covers over 40 data centers belonging to Huawei Cloud globally, plus operation and maintenance services for them, including the provision of operation and maintenance services for Huawei Cloud data centers based on third-party IDCs, as well as those for Huawei Cloud's self-built data centers. You can download Huawei Cloud's ISO/IEC 27017 certificate from Compliance Certificates.

Which Huawei Cloud services are covered by ISO/IEC 27017 certification?

The ISO/IEC 27017 certification covers over 150 Huawei Cloud services including, but not limited to, Advanced Anti-DDoS (AAD), Web Application Firewall (WAF), Data Encryption Workshop (DEW), and Database Security Service (DBSS). You can download Huawei Cloud's ISO/IEC 27017 certificate from Compliance Certificates.     

If you would like to learn more about our products, please contact us.

Can my organization become ISO/IEC 27017-certified automatically by using Huawei Cloud?

Although Huawei Cloud has earned ISO/IEC 27017 certification and provides you with secure and reliable cloud services on this basis, using services provided by Huawei Cloud does not certify your organization's compliance with ISO/IEC 27017. ISO/IEC 27017 certification requires us to establish, implement, maintain, and continuously improve the cloud-based information security management system of our organizations based on the ISO/IEC 27017 guidelines, standards, and best practices. To assess your own system and get your organization certified, you can invite an independent third-party certifying body.