ZTE Cybersecurity White Paper
In April 2019, ZTE releases the Cybersecurity White Paper, which elaborates on ZTE's insights, principles, strategies, and practices concerning cybersecurity. The white paper concentrates on ZTE's multi-layer security system and providing customers with end-to-end security assurance for products and services.
ZTE's Cybersecurity Strategy
"Security in DNA, Trust through Transparency", Cybersecurity is one of the highest priorities for ZTE's product development and delivery. We have established a holistic cybersecurity governance structure across the company's strategic development plan, taking into account relevant laws, regulations and standards, thereby fostering good security awareness for all employees and emphasizing the security of the entire process.
- Vision: Security in DNA, Trust through Transparency
- Mission: to build a world class cybersecurity governance system and provide our customers with end-to-end security assurance
- Objective: to provide trustworthy and end-to-end cybersecurity assurance capabilities throughout an entire product lifecycle
- Strategy: Cybersecurity is one of the highest priorities for product development and delivery
- Tactics: standardization, strict implementation, traceability, strong supervision, full transparency, and trustworthiness
ZTE's Cybersecurity Practices
- The white paper also describes ZTE's end-to-end product security practices, covering a wide range of practices from R&D security, supply chain security, delivery security and personal data protection to security incident management, independent security assessment and cybersecurity lab building. ZTE is committed to building a sound cybersecurity governance structure and creating an end-to-end security assurance mechanism for all phases of the product lifecycle.By building a three lines of defense security governance model, establishing cybersecurity baselines, developing processes for security management, implementing closed-loop management for cybersecurity, ZTE enables end-to-end secure delivery of products and services.
- Cybersecurity Governance Architecture Based on Three Lines of Defense: Each business unit is the first line of defense to realize the self-control of cybersecurity; The Product Security Dept. is the second line of defense to implement independent security assessment and supervision; The Internal Control & Audit Dept. is the third line of defense for monitoring and evaluating cybersecurity governance of 1st and 2nd line. Meanwhile, ZTE welcomes independent security audits by customers or external third parties.
- Cybersecurity Specification System: ZTE has established robust cybersecurity policies, standards, procedures, and guidelines. The cybersecurity policy system recommends a comprehensive set of requirements for cybersecurity governance. ZTE has issued a series of security management specifications and standards, which are under regular review. Each business unit carries out the practical security activities in accordance with these cybersecurity requirements. During the practical implementation of the security specifications, corresponding results and records are captured, which are available as evidence to relevant parties for auditing.
Look Forward and Advance Together
ZTE continues to communicate and cooperate with operators, regulatory agencies, partners, and other stakeholders in an open and transparent manner with respect to continuous improvement in our cybersecurity practices. In accordance with laws and regulations, ZTE respects legitimate rights and interests of users and end users, and keeps innovating and improving our management and technical practices. Ultimately, ZTE is committed to providing customers with secure and trustworthy products and services, while creating a secure cyber environment together with all stakeholders and maintaining a sound security order for cyberspace.
click to download: 《ZTE Cybersecurity White Paper》