- Trust Center Overview
- Compliance
- Compliance Center
International
-
ISO 27001
Widely accepted standard that specifies requirements for information security system management
-
TL 9000 & ISO 9001
Certification standards for quality management system
-
ISO 20000-1
International standard for information technology service management system
-
ISO 22301
International standard for business continuity management systems
-
CSA STAR gold certification
International certification for different levels of cloud security
-
ISO 27701
Guidance for privacy information management
-
BS 10012
Best practice framework aligned to the principles of the EU GDPR
-
ISO 29151
Standards identified by privacy risk and impact assessment
-
PCI DSS
Global security standard of the payment card industry
-
PCI 3DS
Financial industry certification for protecting the 3DS environment
-
ISO 27799
Healthcare industry standard on personal health information protection
-
ISO 27034
Standard that focuses on establishing processes and frameworks for secure software programs.
-
SOC 1 Type II Report
Independent audit reports on service providers' security controls
-
SOC 2 Type II Report
Internal security controls of Huawei Cloud service system
-
SOC 3 Report
Part of the SOC 2 report available to the public upon application
National/Regional
-
[Germany] C5
Highly recognized high-level security standard for cloud service providers
-
[Germany] TISAX
Security standard for information security assessment and data exchange in the automotive industry
-
[Singapore] OSPAR
Guidelines on the objectives and process of controlling outsourcing service providers
-
[Singapore] MTCS Tier 3
Highest level of Singapore Multi-Tier Cloud Security (MTCS) on cloud computing
-
[China] DJCP
General security standard issued by China's Ministry of Public Security (MPS)
-
[China] Cloud Computing Service Security Assessment by CAC
Security assessment on cloud platforms that provide services for party and government organs and critical IT infrastructure operators
-
[China] ITSS Cloud Computing Service Capability Evaluation by MIIT
Cloud computing service capability assessment based on the Chinese national standards such as General Requirements for Cloud Computing Cloud Service Operation
-
[China] Trusted Cloud Service (TRUCS)
One of the most authoritative assessments run by the Data Center Alliance (DCA) and the China Academy of Information and Communications Technology (CAICT).
-
[China] TRUCS Gold O&M Assessment
A special assessment of the O&M capabilities of cloud service providers. It recognizes that HUAWEI CLOUD has a sound, fully featured O&M management system for authoritative cloud service operations and maintenance assurance in China.
-
[China] Certification for the Capability of Protecting Cloud Service User Data
User data security evaluation for cloud services. Key metrics include pre-event prevention, in-event protection, and post-event tracing.
-
[Hong Kong,China] SRAA
Huawei Cloud has engaged an independent audit organization to conduct an ISAE 3000 audit of its cloud service controls, meeting the SRAA security requirements of the Hong Kong SAR government.
-
ENS (Esquema Nacional de Seguridad)
Mandatory law for companies in the public sector and their technology suppliers
-
[Indonesia] Indonesia Financial Industry ISAE 3000 Audit Report
Independent ISAE 3000 audit report that HUAWEI CLOUD complies with information security standards in Indonesia's financial industry
Other
-
[US] NIST Cybersecurity Framework
Cyber security framework based on the classic IPDRR capability model
-
[US] MPA
Best Practices for Media Content Protection
Huawei Cloud Privacy Certifications
-
ISO 27018
ISO 27018 is the first international code of conduct that focuses on personal data protection on cloud. This certification indicates that HUAWEI CLOUD has a complete system for the protection of personal data and leads the industry in data security management.
-
ISO 27701
ISO 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to 27001 and 27002 for privacy management within the context of the organization.
-
ISO 29151
ISO 29151 establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).
-
BS 10012
BS 10012 provides a best practice framework for a personal information management system that is aligned to the principles of the EU GDPR. It outlines the core requirements organizations need to consider when collecting, storing, processing, retaining or disposing of personal records.
-
ISO 27799
The 27799 standard provides guidance for the healthcare industry and its associated agencies on how to better protect the confidentiality, integrity, auditability and availability of personal health information.
Regulatory requirements related to data protection and industry security in each country/region, Huawei Cloud compliance status, and regional and international compliance resources
Industry-specific regulatory requirements in each country/region, Huawei Cloud compliance status, and compliance resources
Industry-specific Guidance
-
Switzerland
-
Europe
-
Argentina
-
Brazil
-
Thailand
-
Indonesia