HUAWEI CLOUD has inherited the complete Huawei management system as well as the IT system building and operation experience. Integration and O&M of cloud services are proactively managed and continuously optimized.
HUAWEI CLOUD is responsible for the security of underlying infrastructures, and users are responsible for the security of applications and purchased OSs deployed in clouds. HUAWEI CLOUD can assist users with required compliance certification.
HUAWEI CLOUD services and platforms have received the following certifications:
CSA STAR Gold Certification
The first authoritative certification of cloud security worldwide, CSA STAR certification is based on the Cloud Controls Matrix (CCM) and is a hardened version of the ISO/IEC 27001 information security management system. CSA STAR certification was developed by the Cloud Security Alliance (CSA) and the British Standards Institution (BSI), an authoritative standard development and preparation body as well as certification service provider worldwide. This certification aims to increase trust and transparency in the cloud computing industry and help cloud computing service providers show their service maturity.
HUAWEI CLOUD has received the CSA STAR Gold Certification, indicating the platform's leadership in information security management and cloud security maturity, as well as compliance with the highest international standards of security and availability.
For details, see https://cloudsecurityalliance.org/star/.
ISO 27001 is a widely used international standard that specifies requirements for information security management systems. Based on periodic risk evaluation, this standard provides a method for assessing systems that manage company and customer information.
This certification shows that the technology and management systems of HUAWEI CLOUD meet the most authoritative global information security standards
For details, see https://www.iso.org/.
ISO 27018 is the first international code of conduct that focuses on personal data protection in the cloud. It is based on ISO 27002 and provides an implementation guide for the ISO 27002 control system applicable to public cloud personal identifiable information (PII) to ensure that PII is properly protected when being processed by a cloud personal identity information processor. In this way, it functions as a common compliance framework for cloud service providers that operate in the multi-country market.
This certification indicates that HUAWEI CLOUD has a complete personal data protection management system and is in the global leading position in data security management. In addition, this is a strong evidence of the "do not touch applications; do not touch data" principle first advocated and always adhered to by HUAWEI CLOUD.
Information Security Protection Certification (Class 3) - Ministry of Public Security (MPS) of China
As a basic mechanism, policy, and method, China’s Ministry of Public Security (MPS) Information Security Protection Certification supports the development of informatization and protects national security and public interests. In the MPS certification process, information security protection is assessed based on five stages: classification, filing, security building and rectification, assessment of information security levels, and information security checking.
This certification shows that the technology and management systems of HUAWEI CLOUD meet the security requirements of the most authoritative Chinese government agency.
Cloud Service Security Certification - Cyberspace Administration of China (CAC)
The CAC Cloud Service Security Certification is based on a government agency-oriented standard for the security management of cloud services. This certification shows that the enterprise cloud services Huawei offers to government customers comply with the most comprehensive and rigorous security standard for cloud services in China.
Trusted Cloud Service (TRUCS) is the first certification in China for cloud service products. Under the guidance of the Department of Communications Development at China's Ministry of Industry and Information Technology (MIIT), the Cloud Computing Promotion and Policy Forum established TRUCS as a trusted cloud service workgroup. The core objective of TRUCS is to provide a system for evaluating cloud vendors, enabling users to select secure and trusted cloud vendors.
TRUCS systematically assesses a cloud vendor's implementation of 16 metrics in 3 categories, covering 90% of the information that the vendor must commit to or inform users of (based on the SLA).
This certification shows that HUAWEI CLOUD complies with the most detailed certification standard for cloud service data and service assurance in China.
The Gold O&M certification is designed to assess the O&M capability of cloud service providers who have passed trusted cloud certification. Gold O&M assesses the process management, adequacy of management system functions, and automatic management of O&M systems. Covering more than 200 items, Gold O&M comprehensively assesses the overall O&M management capability of cloud service providers. HUAWEI CLOUD passed the Gold O&M assessment with excellent results.
This certification shows that HUAWEI CLOUD services have a sound O&M management system that meets the cloud service O&M assurance requirements specified in Chinese certification standards. This also shows that HUAWEI CLOUD services are efficient, stable, and secure.
International Common Criteria EAL 3+ Certification
The Common Criteria for Information Technology Security Evaluation (CC) is based on an international standard for computer security. The CC specifies a group of requirements for security functions and security assurance. These requirements are evaluated based on a benchmark called Evaluation Assurance Level (EAL). HUAWEI CLOUD FusionSphere has passed CC EAL 3+.
PCI DSS Certification
Payment Card Industry Data Security Standard "PCI DSS" is the global card industry security standard, which is established by five major international payment brands, JCB, American Express, Discover, MasterCard and Visa, to enhance card member data and transaction data security. PCI DSS standard, which is the most authoritative and strictest financial institution certification in the world, stipulates nearly 300 items included in 6 areas and 12 requirements to be complied with, and the evaluation process is very strict and complex.
All places and components included in or connected to cardholder data environment fall within the scope of certification. Huawei Cloud is the first CSP in domestic whose all NODES and SERVICES in marketplace are certificated. The Certification has verified that All Huawei Cloud nodes can provide customers with financial-grade data security protection, not just specific nodes or services.
For details of the standard, see https://www.pcisecuritystandards.org/