While cybersecurity certainly requires sophisticated technology interventions, staff training is equally important in protecting client information.
Conscious of this, Huawei conducts regular employee awareness and skills enhancement programmes. We have done training across a range of cybersecurity and privacy-protection topics and held exams for all Huawei employees, with a 99% success rate.
We also encourage employees to improve their cybersecurity and privacy expertise through external training and professional certification. To date, more than 500 employees have obtained external professional certifications such as IAPP (privacy) and CISSP (cyber security).
Huawei has the most IAPP-certified employees in the world. Our Cyber Security & Privacy Protection Knowledge Centre, a one-stop learning and training platform, is already helping employees improve their skills and enhance their knowledge.
More than 620 000 hours of coursework has been completed by our employees, with a total of more than 290 000 individual enrollments in our 111 courses. This means the average Huawei employee has spent more than two hours taking cybersecurity and privacy training.
Huawei also remains committed to complying with privacy protection laws and regulations around the world. We have adopted industry-recognised best practices, and have embedded Privacy by Design into product and service-development processes.
These initiatives contribute to a holistic framework for personal privacy protection policy. We have increased our investment in the management of data-subject rights assurance, developed explicit management requirements and processes, and deployed them in a unified IT system, ensuring that we can promptly process data subjects’ requests.
To date, we have handled more than 10 000 data-subjects requests. In addition, we completed 26 internal audits to ensure that our personal privacy protection policy has been implemented in a consistent and effective manner. We also passed five external audits as well as one professional inspection by a regulator.
We understand that cybersecurity is only as effective as the team that implements it. Organisations in the information space would also be well served to ensure that employee training keeps pace with the cybersecurity technology they employ.