Compliance Frequently Asked Questions
Compliance Frequently Asked Questions
-
What security/privacy certificates has Huawei Cloud earned?
Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and service security provided by Huawei Cloud has been reviewed and approved by independent third-party authorities recognized throughout the industry and has earned security certification from numerous organizations.
Huawei Cloud has been certificated by various international authorities and is compliant with industry standards. Examples include:
Security standards: ISO 27001, ISO 27017, CSA STAR Gold Certificate, "DJCP" (graded protection) level 3 and 4 by China's Ministry of Public Security (MPS), and PCI DSS and NIST cyber security framework (CSF) for the card payments.
Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151 and ISO 27799.
Learn more in [Compliance Certificates] of the Compliance Center. In addition to the third-party certifications, you can find solutions to compliance problems in [Country/Region-specific Guidance] and [Industry-specific Guidance] of the Compliance Center.
-
How does Huawei Cloud meet HIPPA requirements?
The Health Insurance Portability and Accountability Act (HIPAA) includes a series of security and privacy control requirements for protected health information (PHI) to enhance information sharing and improve the efficiency and quality of healthcare systems. Currently, there is no certification for HIPAA.
According to HIPAA, Huawei Cloud is defined as a business associate. Entities processing ePHI need to sign Business Associate Agreements (BAAs) with their business partners.
We provide a BAA template that complies with HIPAA requirements. You can customize a BAA based on your service requirements. As a business partner, Huawei Cloud establishes HIPAA-compliant policies and processes and updates them based on requirement changes. We keep records of these policies. You can learn about the internal management process and execution information from the third-party independent audit report or Huawei Cloud official website. We provide services and a secure environment that meet contract obligations to ensure that your data will not be damaged, tampered with, or accessed without authorization.
We listed questions you may have and service support that Huawei Cloud can provide for you based on the core requirements of HIPAA. For details, see Huawei Cloud Compliance with HIPAA.
-
Does Huawei Cloud periodically update certifications?
Yes. To respond to ever-changing cloud environments and services, we regularly review and update certificates in accordance with certification requirements to ensure our leading position in information security management and privacy protection.
-
Can I download a copy of these certificates?
Yes.
You can download certificates from the Trust Center. If you want to know what the certificates cover, or if you need assistance from Huawei Cloud when your business is being certified, you can apply for and download a copy of the certificates from the Download Compliance Certificates area.
-
What compliance services does Huawei Cloud provide to help me quickly obtain certificates?
Huawei Cloud keeps an eye on changes of laws and regulations and develops security services and one-stop security solution based on its extensive experience to help you comply with the business security requirements and quickly obtain required certificates. Take the Database Security Service (DBSS) as an example. It complies with the HIPAA, SOX, and PCI DSS, meeting your auditing requirements. You can use it to audit database, important user behavior, and security events of each and every user. In addition, DBSS provides compliance reports that meet data security standards (such as Sarbanes-Oxley).
-
Which Huawei Cloud services can help me comply with security and privacy regulations?
With strict R&D process controls in place, all Huawei Cloud services provide security and privacy features, including but not limited to encryption, deletion, and monitoring and response, that meet global laws and regulations.
-
How does Huawei Cloud protect my data subject rights?
Huawei Cloud provides a request channel and has a professional team to process the requests. The team quickly responds to and processes your requests, and notifies data subjects of the results.
If you have any questions, comments, or suggestions, please contact us through the customer service hotline. You can submit your request to us on the personal data subject page.
-
How does Huawei Cloud handle data leaks?
To address any personal data leaks, damages, or other losses, we have developed multiple regulations and control measures that specify the classification and grading standards of security incidents and security vulnerabilities, as well as the handling processes.
Additionally, we have set up a dedicated privacy protection team to disclose personal data breaches in a timely manner in accordance with applicable laws and regulations. We will carry out emergency plans and start recovery processes to reduce the impact on you.
Resources
Huawei Cloud Security White Paper
White Paper for Huawei Cloud Data Security