Cyber Security and Privacy Protection
Building and implementing an end-to-end global cyber security and privacy protection assurance system is one of Huawei's key strategies. In compliance with applicable laws and regulations in countries where it operates and international standards, Huawei has been creating an effective, sustainable, and reliable cyber security and privacy protection assurance system by referring to the requirements of regulators and customers, as well as industry best practices. Additionally, Huawei actively works with governments, customers, and industry partners to address cyber security and privacy challenges.
We adhere to our cyber security values: integrity & trustworthiness, accountability & capability, and openness & transparency. Huawei does not and will never implant backdoors into its equipment or allow others to do so. We will never illegitimately collect intelligence for any individual or organization, including government organizations, agents, and entities.
Huawei is fully aware of the importance of privacy protection. We are committed to protecting personal data of our consumers, customers, suppliers, partners, employees, and other relevant entities, and we comply with all privacy and personal data protection laws and regulations everywhere we operate.
Huawei has established the Global Cyber Security and User Privacy Protection Committee (GSPC) that acts as the company's highest authority on cyber security and privacy protection. This Committee is responsible for deciding on and approving the company's overall strategy for cyber security and privacy protection. The company has appointed the Global Cyber Security and Privacy Officer (GSPO), who is responsible for leading his team to develop a cyber security and privacy protection strategy and policies, and for managing and overseeing cyber security and privacy protection organizations and operations within related departments. The Officer also ensures that the cyber security and privacy protection strategy is well implemented in all departments, regions, and processes, and drives communication with stakeholders such as governments, customers, consumers, suppliers, partners, and employees.
In addition, Huawei has set up the GSPO Office, which acts as the compliance RCO for cyber security and privacy protection. The Office assists the GSPO in developing and implementing related strategies and policies.
Huawei has built and implemented its own end-to-end global cyber security and privacy protection assurance system in all domains. This system covers policies, processes, tools, technologies, and standards. Huawei takes the following key measures for cyber security and privacy protection:
- Publishing the Statement on Establishing a Global Cyber Security Assurance System and Huawei General Privacy Protection Policy to specify the company's attitude, general principles, and requirements concerning cyber security and privacy protection.
- Business departments identify cyber security and privacy protection risks based on business scenarios and high-risk groups, develop management requirements and incorporate these requirements into related business processes, and IT systems and tools.
- Establishing end-to-end cyber security and privacy protection verification systems, regularly conducting cyber security and privacy protection measurements, inspections, and internal audits, and setting up organizations independent of business departments to verify Huawei's products and services. Making management improvements to address identified issues, and working with third parties on tests, certifications, and external audits to continuously improve Huawei's cyber security and privacy protection management.
Organizing enablement training and exams concerning cyber security and privacy protection for all employees, and providing special training for managers, high-risk groups, etc. Establishing an accountability mechanism, publishing the Severity Levels and Accountability Standards for Compliance Violations, and taking disciplinary action against violators.
Statement on Establishing a Global Cyber Security Assurance System