Statement on Establishing a Global Cyber Security Assurance System
As a leading global telecom solutions provider, Huawei Technologies Co. Ltd. ("Huawei") is fully aware of the importance of cyber security and understands the concerns of various governments and customers about security. With the constant evolution and development of the telecom industry and information technology, security threats and challenges are increasing, which intensifies our concerns about cyber security. Huawei will therefore pay a great deal more attention to this issue and has long been dedicated to adopting feasible and effective measures to improve the security of its products and services, thus helping customers to reduce and avoid security risks and building trust and confidence in Huawei’s business. Huawei believes that the establishment of an open, transparent and visible security assurance framework will be conducive to the sound and sustainable development of industry chains and technological innovation; it will also facilitate smooth and secure communications among people.
In light of the foregoing, Huawei hereby undertakes that as a crucial company strategy, based on compliance with the applicable laws, regulations and standards of relevant countries and regions, and by reference to industry best practice, it has established and will constantly optimize an end-to-end cyber security assurance system. Such a system will incorporate aspects from corporate policies, organizational structure, business processes, technology and standard practice. Huawei has been actively tackling the challenges of cyber security through partnerships with governments, customers, and partners in an open and transparent manner. In addition, Huawei guarantees that its commitment to cyber security will never be outweighed by the consideration of commercial interests.
From an organizational perspective, the Global Cyber Security Committee (GCSC), as the top-level cyber security management body of Huawei, is responsible for ratifying the strategy of cyber security assurance. The Global Cyber Security Officer (GCSO) is a particularly important member of the GCSC, in charge of developing this strategy and managing and supervising its implementation. The system will be adopted globally by all departments within Huawei to ensure consistency of implementation. The GCSO shall also endeavor to facilitate effective communication between Huawei and all stakeholders, including governments, customers, partners and employees. The GCSO reports directly to the CEO of Huawei.
In terms of business processes, security assurance shall be integrated into all business processes relating to R&D, the supply chain, sales and marketing, delivery, and technical services. Such integration, as the fundamental requirement of the quality management system, will be implemented under the guidance of management regulations and technical specifications. In addition, Huawei will reinforce the implementation of the cyber security assurance system by conducting internal auditing and receiving external certification and auditing from security authorities or independent third-party agencies. Furthermore, Huawei has been certified to BS7799-2/ISO27001 since 2004.
In connection with personnel management, our employees, partners and consultants are required to comply with the cyber security policies and requirements set by Huawei and to receive appropriate training so that the concept of security is deeply rooted throughout Huawei. To promote cyber security, Huawei will reward employees who take an active part in cyber security assurance and will take appropriate action against those who violate cyber assurance policies. Employees may also incur personal legal liability for violation of relevant laws and regulations.
Adopting an open, transparent and sincere attitude, Huawei is willing to work with all governments, customers and partners through various channels to jointly cope with cyber security threats and challenges. Huawei will set up regional security certification centers if necessary. These certification centers will be made highly transparent to local governments and customers, and Huawei will allow its products to be inspected by people authorized by local governments to ensure the security of Huawei’s products and delivery service. Meanwhile, Huawei has been proactively involved in the telecom cyber security standardization activities led by ITU-T, 3GPP, IETF and others, and has joined security organizations such as FIRST and partnered with mainstream security companies to ensure the cyber security of its customers and promote the healthy development of industries.
This cyber security assurance system applies to Shenzhen Huawei Investment Holding Co., Ltd., and all subsidiaries and affiliates which are under its direct or indirect control. This statement is made on behalf of all the above entities.
This statement should comply with local laws and regulations. In the event of any conflict between this statement and local laws and regulations, the latter shall prevail. Huawei will review this statement on an annual basis, and shall keep it in line with laws and regulations.