E2E Cyber Security Assurance System

Huawei started its cyber security journey in 1999 when it published its first set of security technical regulations to enhance the security of products and solutions. In 2011, our founder and CEO Ren Zhengfei fully endorsed the strategy and issued the following Cyber Security Assurance policy that further reinforced and enhanced our commitment:

“As a global leading telecom solutions provider, Huawei Technologies Co. Ltd. ("Huawei") is fully aware of the importance of cyber security and understands the concerns of various governments and customers about security. With the constant evolution and development of the telecom industry and information technology, security threats and challenges are increasing, which intensify our concerns about cyber security. Huawei will therefore pay a great deal more attention to this issue and has long been dedicated to adopting feasible and effective measures to improve the security of its products and services, thus helping customers to reduce and avoid security risks and building trust and confidence in Huawei. Huawei believes that the establishment of an open, transparent and visible security assurance framework will be conducive to the sound and sustainable development of industry chains and technological innovation; it will also facilitate smooth and secure communications among people.

In light of the foregoing, Huawei hereby undertakes that as a crucial company strategy, based on compliance with the applicable laws, regulations, standards of relevant countries and regions, and by reference to the industry best practice, it has established and will constantly optimize an end-to-end cyber security assurance system. Such a system will incorporate aspects from corporate policies, organizational structure, business processes, technology and standard practice. Huawei has been actively tackling the challenges of cyber security through partnerships with governments, customers, and partners in an open and transparent manner. In addition, Huawei guarantees that its commitment to cyber security will never be outweighed by the consideration of commercial interests.

To continuously deliver innovative high-quality products and services, advanced business process assurance is required. Huawei has hired IBM since 1997, as a consultant to build Huawei as a process-based organization based on industry-best-practice to ensure that high-quality products and services can be delivered repeatedly. We have hired the world's most innovative and professional organizations to provide Huawei with business process support.

In addressing the requirements of law, policies, and standards for cyber security, we incorporate the industry-best-practice into Huawei's standard processes and baselines. In this way, cyber security becomes a standard part for Huawei's daily business operation. Huawei's end-to-end cyber security methodology is incorporated into the following 12 corporate processes and business modules.

Governance of Cyber Security Strategy

However, we accept that just because you have a process that does not mean that it is a good process, or that anyone actually executes the process. Our starting point was to create the governance that will make this happen, but importantly, provide clear accountability for its success or failure. This can only happen at the very top of the organization – if it doesn’t matter to the Board and senior officials it will not matter to the employees. The governance of cyber security in Huawei is as follows:

From an organizational perspective, the Global cyber Security and user Privacy protection Committee (GSPC), as the top-level cyber security management body of Huawei, is responsible for ratifying the strategy of cyber security assurance. The Global cyber Security and user Privacy protection Officer (GSPO) is a significantly important member of GSPC, who reports directly to the CEO of Huawei. The GSPO in charge of developing this strategy and managing and supervising its implementation. The system will be adopted globally by all departments within Huawei to ensure consistency of implementation. The GSPO shall also endeavor to facilitate effective communication between Huawei and all stakeholders, including governments, customers, partners and employees.