HERE's Certifications and Attestations
ISO/IEC 27001:2013 - Information Security Management System (ISMS)
HERE is successfully sustaining a high level of performance securing our environments via systematically evaluating information security risks, taking into account the impact of threats and vulnerabilities; implementing a comprehensive suite of information security controls and maintaining management processes to ensure that the information security controls meet our needs on an ongoing basis. ISO/IEC 27001:2013 is a security standard that outlines and provides the best practices and comprehensive security controls for an Information Security Management System (ISMS) following the ISO/IEC 27002 best practice guidance.
View our ISO/IEC 27001:2013 certification details.
To verify the status of our certification, query Schellman’s certificate directory located at: https://www.schellman.com/certificate-directory
HERE has certification for compliance with ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2019. These certifications are performed by independent third-party auditors. Our compliance with these internationally recognized standards and codes of practice is evidence of our commitment to information security at every level of our organization, and that the HERE security program is in accordance with industry leading best practices.
ISO/IEC 27701:2019 - Privacy Information Management System (PIMS)
HERE compliments the widely used ISO/IEC 27001 and ISO/IEC 27002 standards for Information Security Management with the implementation of the Privacy Information Management System. HERE takes privacy into account in the creation and delivery of all our products and services, holding a high standard of honesty, integrity, and ethical conduct in our data processing practices. HERE complies with the requirements of applicable data protection and privacy laws and uses all reasonable measures to protect the privacy of all its users. The requirements and guidelines of Privacy Information Management System, including the additional controls to address as PII Controller and PII Processor, are implemented. HERE’s certification for ISO/IEC 27701:2019 is in the role of a data (PII) processor within its Information Security Management System (ISMS).
View our ISO/IEC 27001:2013 certification details.
To verify the status of our certification, query Schellman’s certificate directory located at: https://www.schellman.com/certificate-directory
ISO/IEC 27701:2019 is an extension to ISO/IEC 27001:2013 and ISO/IEC 27002 standards that specifies the requirements and guidelines to establish and continuously improve the Privacy Information Management System (PIMS), including processing of Personally Identifiable Information (PII).
ISO/IEC 27017:2015 - Security Controls for Cloud Services
ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.
View our ISO/IEC 27001:2013 certification details.
To verify the status of our certification, query Schellman’s certificate directory located at: https://www.schellman.com/certificate-directory
ISO/IEC 27018:2019 - Protection of Personally Identifiable information (PII)
ISO/IEC 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls through the Annex A control set and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002.
View our ISO/IEC 27001:2013 certification details.
To verify the status of our certification, query Schellman’s certificate directory located at: https://www.schellman.com/certificate-directory
ISO/IEC 9001:2015 - Quality Management Systems
ISO 9001:2015 is an international standard specifying requirements for a quality management system (QMS) designed to consistently provide products and services that meet customer and regulatory requirements. The objective is to define, continuously improve systematically, and to measurably achieve or exceed customer and business outcomes. HERE has been certified since 2004 and has continuously evolved and improved the company QMS accordingly.
View our ISO/IEC 9001:2015 certification.
SOC 2 Type 2
The SOC 2 Type 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
HERE Technologies has achieved SOC 2 attestation for HERE Platform Foundation and Workspace. SOC 2 is a critical and rigorous audit that demonstrates to customers, prospective customers, and other interested parties that HERE has mature security and privacy capabilities.
TISAX
HERE has completed the Trusted Information Security Assessment Exchange (TISAX) assessment for “AL2- Information with High Protection Needs”. This standard provides the European automotive industry a consistent, standardized approach to information security systems. The Assessment was conducted by a TISAX audit provider (TÜV SÜD Management Service GmbH). The results are available on the ENX Portal.
Scope ID: S2LV52
Assessment ID: A5VLH5-4
CSA - Cloud Security Alliance
Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.”
The Security Trust Assurance and Risk (STAR) Level 2 Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix criteria. The STAR Level 2 certification with STAR validates for cloud customers the use of best practices and the security posture.
HERE completed the 3rd party audit to certify against CSA STAR Level 2 Third-Party Audit Level Certification.
View our registry listing.
Learn more about the Security Trust Assurance and Risk (STAR) Program.
National Security Scheme (ENS)
A set of regulations that make it possible to create and maintain the necessary security conditions in the use of electronic media through measures that guarantee the security of systems, data, communications, and electronic services to facilitate the exercise of rights and fulfillment of duties through these media.
HERE has submitted Declaration of Conformity in the BASIC Category.
Learn more about ENS.
General Data Protection Regulation (GDPR) EU 2016/679
HERE’s Information Security and Privacy programs supporting the HERE Platform Product Lifecycle Management framework have adopted the essential elements of the General Data Protection Regulation (GDPR). Requirements described in Chapter II through Chapter – V of the GDPR have met the obligations of the GDPR Type 1 attestation performed by our external auditor.
Learn more about GDPR.
HITRUST (Health Information Trust Alliance)
HITRUST Risk-based, 2-year (r2) Certified status demonstrates that the organization’s Location Services – Indoor Map to support Indoor Positioning, Geocoding and Routing Services has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places HERE in an elite group of organizations worldwide that have earned this certification.
By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
Learn more about HITRUST.