The ISO/IEC 27001 information security management system is a broadly-used and internationally-recognized information security certification standard framework. This certification indicates that Huawei Mobile Services has established an effective, science-based information security management system to unify the enterprise's development strategy with information security management, and ensure that information security risks are properly controlled and correctly handled.
ISO/IEC 27018 is an international code of conduct that's dedicated to personal data protection on the cloud. It is based on ISO 27002, and provides guidelines for implementing the ISO 27002 control system applicable to personally identifiable information (PII) on the public cloud. This ensures that PII is optimally protected while being processed by the cloud-based personal identity information processor, and thereby provides a common compliance framework for cloud service providers operating in multiple jurisdictions.
The ISO/IEC 27701 privacy information management system provides a comprehensive set of personal data processing methods and multi-dimensional privacy information management framework, encompassing organizational governance, legal compliance, process specifications, information technology, as well as supervision and audit. This certification indicates that Huawei Mobile Services has a comprehensive personal information protection management system in place across the design, R&D, operations, and O&M phases, and occupies a leading global position with regard to personal information security management, transparency, and privacy compliance.
CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry jointly launched by the British Standards Institute (BSI) and Cloud Security Alliance (CSA). CSA STAR assesses the security level, and addresses cloud security-specific issues. By leveraging the requirements of ISO/IEC 27001 certification and the cloud control matrix (CCM), it applies the maturity model and assessment methodology provided by BSI to comprehensively assess the cloud security management and technical capabilities of organizations.
The SOC 1 report is based on AT-C section 320 in the Statement on Standards for Attestation Engagements (SSAE) No.18, and is issued to certify the internal control of service organizations. This report indicates that Huawei Mobile Services has established an appropriately designed internal control system that runs effectively, based on the requirements of the SSAE No.18. The SOC 2 and SOC 3 reports are based on TSP section 100 (2017 version) formulated by the American Institute of Certified Public Accountants (AICPA), and are used to certify the internal control design, with regard to the security, availability, and confidentiality of a service system. These reports indicate that the design for Huawei Mobile Services in these areas enjoys an industry-leading status.
ePrivacyseal is a highly-respected European privacy certification that covers the requirements of the General Data Protection Regulation (GDPR) for digital products. The catalogue of criteria for certification is continually being adapted to account for interpretations of GDPR and other data protection laws. ePrivacyseal assesses legal and technical aspects, to ensure secure and visible compliance with the GDPR, thereby protecting consumer privacy.