HMS Achieves Multiple SOC Privacy and Security Certifications from AIPCA

Huawei is dedicated to providing industry-leading privacy and security, and regard these features as key tenets of the overall user experience regardless of device categories. As a testament to its effort, AppGallery Connect, Huawei’s developer platform, has recently achieved four new international privacy and security accreditations from the American Institute of Certified Public Accountants (AICPA).

As of today, AppGallery Connect has passed the following AICPA Service Organization Control (SOC) audits — SOC 1 Type 2, SOC 2 Type 1, SOC 2 Type 2, and SOC 3[AL1] . These certifications prove that AppGallery Connect’s information security management is up to international standards and is capable of providing developers with world-class security and privacy protection services.

The SOC reports have become a globally recognised data security audit standard thanks to its rigour and transparency. The audit reports provide a comprehensive evaluation of the company’s internal controls in areas relevant to security and privacy, and are then verified as well as issued by a professional third-party accounting firm in accordance with relevant guidelines of the AICPA.

The SOC 1 Type 2 report is based on AT-C section 320 in the Statement on Standards for Attestation Engagements (SSAE) №18. It indicates that AppGallery Connect has set proper security control objectives, provides proper measures accordingly, and ensures effective execution of the set measures.

Similarly, SOC 2 Type 1, SOC 2 Type 2, and SOC 3 reports are based on AT-C section 205 in SSAE №18 and 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (TCP section 100). Of which, the successful completion of SOC 2 Type 1 report proves that AppGallery Connect services have appropriate security, availability, confidentiality, and privacy principles, while the SOC 2 Type 2 and SOC 3 reports cover the appropriateness and effectiveness related to these principles.

Huawei offers unwavering commitment to protecting users privacy and security

The Huawei Mobile Services (HMS) is an aggregation of HMS Core capabilities, including a full portfolio of safe and secure HMS Apps, HMS Connect, and corresponding IDE tools for development and testing.

More notably, HMS is based on five security technologies — including identity authentication, data security and privacy protection, content protection, application security, and service risk control — to ensure users’ privacy and security are protected in a comprehensive end-to-end manner.

HMS has obtained privacy and security certifications in various fields that are recognised globally. These include ISO/IEC 27001 and CSA STAR certifications in the security field, PCI DSS certifications in the mobile payment field, and FIDO certifications in the identity authentication field. This is on top of the ISO/IEC 27701, and ISO/IEC 27018 certifications that Huawei has achieved in the privacy field. These accreditations are a standing testament to the standard of HMS’ security and privacy processes.

Looking ahead, Huawei will continue to invest in user data privacy protection and prioritise cybersecurity and privacy for every product and service. This is to realise the company’s vision of building a secure and reliable digital environment for global Huawei users.

For more information, please visit https://consumer.huawei.com/en/privacy/. You may also read the latest Security Technical White Paper from HMS here.

[AL1]Name convention based on AICPA official website: https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/serviceorganization-smanagement.htm [AL1]l