HERE's Certifications and Attestations
ISO/IEC 27001:2013 - Information Security Management System (ISMS)
HERE is successfully sustaining a high level of performance securing our environments via systematically evaluating information security risks, taking into account the impact of threats and vulnerabilities; implementing a comprehensive suite of information security controls and maintaining management processes to ensure that the information security controls meet our needs on an ongoing basis. ISO/IEC 27001:2013 is a security standard that outlines and provides the best practices and comprehensive security controls for an Information Security Management System (ISMS) following the ISO/IEC 27002 best practice guidance.
View our ISO/IEC 27001:2013 certification details.
To verify the status of our certification, query Schellman’s certificate directory located at: https://www.schellman.com/certificate-directory
HERE has certification for compliance with ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2019. These certifications are performed by independent third-party auditors. Our compliance with these internationally recognized standards and codes of practice is evidence of our commitment to information security at every level of our organization, and that the HERE security program is in accordance with industry leading best practices.
ISO/IEC 27701:2019 - Privacy Information Management System (PIMS)
HERE compliments the widely used ISO/IEC 27001 and ISO/IEC 27002 standards for Information Security Management with the implementation of the Privacy Information Management System. HERE takes privacy into account in the creation and delivery of all our products and services, holding a high standard of honesty, integrity, and ethical conduct in our data processing practices. HERE complies with the requirements of applicable data protection and privacy laws and uses all reasonable measures to protect the privacy of all its users. The requirements and guidelines of Privacy Information Management System, including the additional controls to address as PII Controller and PII Processor, are implemented. HERE’s certification for ISO/IEC 27701:2019 is in the role of a data (PII) processor within its Information Security Management System (ISMS).
View our ISO/IEC 27001:2013 certification details.
To verify the status of our certification, query Schellman’s certificate directory located at: https://www.schellman.com/certificate-directory
ISO/IEC 27701:2019 is an extension to ISO/IEC 27001:2013 and ISO/IEC 27002 standards that specifies the requirements and guidelines to establish and continuously improve the Privacy Information Management System (PIMS), including processing of Personally Identifiable Information (PII).
ISO/IEC 27017:2015 - Security Controls for Cloud Services
ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.
View our ISO/IEC 27001:2013 certification for more details.
To verify the status of our certification, query Schellman’s certificate directory located at: https://www.schellman.com/certificate-directory
ISO/IEC 27018:2019 - Protection of Personally Identifiable information (PII)
ISO/IEC 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls through the Annex A control set and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002.
View our ISO/IEC 27001:2013 certification for more details.
To verify the status of our certification, query Schellman’s certificate directory located at: https://www.schellman.com/certificate-directory
ISO/IEC 9001:2015 - Quality Management Systems
ISO 9001:2015 is an international standard specifying requirements for a quality management system (QMS) designed to consistently provide products and services that meet customer and regulatory requirements. The objective is to define, continuously improve systematically, and to measurably achieve or exceed customer and business outcomes. HERE has been certified since 2004 and has continuously evolved and improved the company QMS accordingly.
View our ISO/IEC 9001:2015 certification.
SOC 2 Type 2
The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
HERE Technologies has achieved SOC 2 attestation of HERE Platform Foundation and Workspace. SOC 2 is a critical and rigorous audit that demonstrates to customers, prospective customers, and other interested parties that HERE has mature security and privacy capabilities.
TISAX
HERE has completed the Trusted Information Security Assessment Exchange (TISAX) assessment for “AL2- Information with High Protection Needs”. This standard provides the European automotive industry a consistent, standardized approach to information security systems. The Assessment was conducted by an audit provider, in this case the TISAX audit provider (TÜV SÜD Management Service GmbH). The results are available on the ENX Portal.
Scope ID: S2LV52
Assessment ID: A5VLH5-4
CSA - Cloud Security Alliance
Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.”
HERE has submitted a completed Consensus Assessments Initiative Questionnaire (CAIQ) to document compliance with the Cloud Controls Matrix (CCM). This information then becomes publicly available, promoting industry transparency and visibility into HERE's security practices.
HERE has completed and maintains a CSA STAR Level 1 Self-Assessment.
View our registry listing.
Learn more about the Security Trust Assurance and Risk (STAR) Program.
National Security Scheme (ENS)
A set of regulations that make it possible to create and maintain the necessary security conditions in the use of electronic media through measures that guarantee the security of systems, data, communications, and electonic services to facilitate the exercise of rights and fulfillment of duties through these media.
HERE has submitted Declaration of Conformity in the BASIC Category.