HERE's Certifications and Attestations

Effective date: 
Wednesday, 1 January, 2020

 

ISO/IEC 27001 Information Security Management System (ISMS)ISO/IEC 27001:2013

HERE is successfully sustaining a high level of performance securing our environments via systematically implementing and maintaining certification globally. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). 

View our ISO/IEC 27001:2013 certification.

 

ISO/IEC 27701 Privacy Information Management System (PIMS)ISO/IEC 27701:2019

Specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002. PIMS-related requirements and guidance for PII controllers and PII processors holding responsibility and accountability for PII processing. HERE as PII Processor. 

View our ISO/IEC 27701:2019 certification.

 

ISO/IEC 27018 Protection of Personally Identifiable information (PII)ISO/IEC 27018:2019

Establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles of ISO/IEC 29100 for the public cloud computing environment. It takes into consideration of regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

View our ISO/IEC 27018:2019 certification.

 

ISO/IEC 27017 Security Controls for Cloud ServicesISO/IEC 27017:2015

Provides guidelines for information security controls applicable to the provision and use of cloud services for both cloud service providers and cloud service customers.

View our ISO/IEC 27017:2015 certification.

 

SOC 2 Type 2SOC 2 Type 2

The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

HERE Technologies has achieved SOC 2 attestation of HERE Platform Foundation and Workspace. SOC 2 is a critical and rigorous audit that demonstrates to customers, prospective customers, and other interested parties that HERE has mature security and privacy capabilities.

 

TISAXTISAX Assessment

The ENX Association supports with TISAX (Trusted Information Security Assessment Exchange) on behalf of VDA the common acceptance of Information Security Assessments in the automotive industry. The TISAX Assessments are conducted by accredited audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for general public.

For HERE Technologies confidentiality, availability and integrity of information have great value. We have taken extensive measures on protection of [sensitive and/or confidential] information. Therefore, we follow the question catalogue of information security of the German Association of the Automotive Industry (VDA ISA). The Assessment was conducted by an audit provider, in this case the TISAX audit provider (TÜV SÜD Management Service GmbH). The result is exclusively retrievable over the ENX Portal.

Scope ID: S2LV52
Assessment ID: A5VLH5-4

 

CSA STARCSA STAR LEVEL 1 Self-Assessment

A complimentary offering that documents the security and privacy controls provided by HERE's cloud computing offerings, thereby helping customers of our services assess our security.  HERE has submitted a completed Consensus Assessments Initiative Questionnaire (CAIQ) to document compliance with the Cloud Controls Matrix (CCM). This information then becomes publicly available, promoting industry transparency and visibility into HERE's security practices.

HERE has completed and maintains a CSA STAR Level 1 Self-Assessment.  View our registry listing.  Learn more about the Security Trust Assurance and Risk (STAR) Program

 

National Security Scheme (ENS)National Security Scheme (ENS)

A set of regulations that make it possible to create and maintain the necessary security conditions in the use of electronic media through measures that guarantee the security of systems, data, communications, and electonic services to facilitate the exercise of rights and fulfillment of duties through these media.

HERE has submitted Declaration of Conformity in the BASIC Category.