In 2005, ZTE became the first Chinese enterprise to establish the ISO 27001 information security management system successfully. ZTE’s product security activities include standard establishment, security assurance, security evaluation, and emergency response. ZTE cooperates with international security service and assessment organizations, and has established the Product Security Committee with technical support by the product lines to improve product quality and enhance customer confidence continuously.
ZTE has built a thorough security guarantee system that covers the whole lifecycle of products and strictly complies with ISO 27001, ISO 15408 and ITU.T X.805. Guided by the Product Security Committee and organized by the Security Committee Office, ZTE continuously optimizes the product security management structure, and improves the security guarantee mechanism of the whole product lifecycle covering R&D, supply chains, manufacture, verification, service delivery, and incident management, to provide secure products and solutions for customers in all industries.
In 2010, a leading information security provider, atsec, evaluated ZTE's cryptographic algorithms. In the same year, ZTE's UPCL and UEPCM cryptographic modules were validated by the NIST, and reached the FIPS 140-2 standard. ZTE became the first Chinese communications equipment manufacturer to obtain the FIPS certificate. ZTE's CDMA/WiMAX, bearer network, core network, fixed network, GSM/UMTS and TD products are awarded the CC certificates. In addition, the CDMA/WiMAX NetNumen U31 is granted a CC certificate by the CC Scheme in Netherland, which is the first CC certificate obtained by Chinese communications manufacturers.
As an independent security verification department in the company, ZTE Cyber Security Laboratory is an integrated platform for evaluation, capability development, incident response, knowledge base management, and technical communication.
In 2014, ZTE will further improve the product security guarantee system, product security baselines, R&D standards, and supply chain security management, and build a supplier product security management system and a supplier-oriented purchase security baseline complying with ISO 28000. We will integrate the key product security requirements into all purchase, manufacture and delivery activities, and establish effective information release and emergency response mechanisms to ensure timely response within 24 hours.
As a global leading communications product and solution provider, ZTE considers customer focus, comprehensive guarantee, timely response, security and trust as the product security policies, and makes all efforts to bring more benefits to customers, industries and the society.